The most sensitive data deserves the strongest protection
Restorative justice means holding victims' and offenders' personal information. Tūhono is built so that data is encrypted, isolated, recoverable and accounted for — by default, not as an add-on.
Encrypted per provider
Sensitive information — contact details, case identifiers, uploaded documents and receipts — is encrypted at rest with AES-256-GCM. Each provider has its own key, so a breach exposes ciphertext, never readable data, and never another provider's.
Keys held outside the database
Encryption keys live in Supabase Vault, encrypted at rest with a root key held outside the database. Decryption happens server-side only — keys never reach the browser.
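The per-provider encryption described above, sketched in Node.js as an added example (not Tūhono's own code). The key map, function names, AAD binding and storage layout are assumptions of this example, and the keys are constructed inline rather than fetched from Supabase Vault.

```javascript
// Added illustration, not Tūhono's code. Keys are generated inline here; in the
// design described above they would be fetched server-side from the key store.
const crypto = require("node:crypto");

// Constructed sample keys, one 256-bit key per provider (tenant).
const providerKeys = new Map([
  ["provider-a", crypto.randomBytes(32)],
  ["provider-b", crypto.randomBytes(32)],
]);

// Encrypt one field. The provider id and field name are bound as AAD
// (an assumption of this example), so a ciphertext moved to another
// tenant or column fails authentication even under the right key.
function encryptField(providerId, field, plaintext) {
  const key = providerKeys.get(providerId);
  if (!key) throw new Error(`no key for ${providerId}`);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${providerId}|${field}`));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Hypothetical storage format: iv || tag || ciphertext, base64-encoded.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt; returns null on any authentication failure
// (wrong provider key, wrong AAD, or modified bytes).
function decryptField(providerId, field, stored) {
  const key = providerKeys.get(providerId);
  if (!key) return null;
  const raw = Buffer.from(stored, "base64");
  if (raw.length < 28) return null; // shorter than iv (12) + tag (16)
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  decipher.setAAD(Buffer.from(`${providerId}|${field}`));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Flip one ciphertext bit, as a stand-in for storage-level tampering.
function tamper(stored) {
  const raw = Buffer.from(stored, "base64");
  raw[raw.length - 1] ^= 0x01;
  return raw.toString("base64");
}
```

Because GCM is authenticated, a value read under the wrong provider's key, the wrong field, or after modification is rejected rather than returned as garbage.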
Hosted in Sydney
Your database and the app both run in the Sydney (AU) region — close to home for New Zealand latency, and your data stays in-region.
Daily point-in-time backups
Production runs with point-in-time recovery and a 7-day window, so the database can be restored to any moment within that window if the worst happens.
30-day recovery
Deleted a note, contact or activity by mistake? It's soft-deleted and recoverable for 30 days from the audit page — nothing's gone the instant you click delete.
Full audit trail
Every change to cases, notes, participants and activities is recorded with who made it and when — an append-only history your provider can review any time.
Isolation at the database
Multi-tenant isolation and assigned-case access are enforced by Row-Level Security in the database — not just hidden in the interface. Facilitators see only the cases they're assigned to.
Verified sign-ups
New accounts require email verification before a workspace is created — a guard against impersonation and fake organisations.
How we think about it
Security as the backbone, not a feature
Tenancy and access control are the foundation of Tūhono — every provider is fully isolated, and we keep extending encryption across the data model as the product grows. Operational metadata that the system needs to function (timestamps, case stage, who did what) is kept available so your reporting and audit trail work without anyone needing access to a provider's key.
We'd rather tell you exactly how it works than wave a badge. If you have a security or privacy question for your organisation, we're happy to walk through the detail.
Bring your cases somewhere safe
Free during early access — set up in minutes.