Security & privacy
Security and privacy, by design.
Carbon ERP is built so your data is scoped, private and yours — at every layer, for every tenant. We only claim what's true; specifics still being confirmed are marked plainly.
Multi-tenant isolation
Every company's data is scoped and private at every query layer. One tenant can never see another's data.
Access control
JWT authentication, role-based permissions, an authority matrix, and approval workflows for sensitive actions.
Audit logs
Administrative actions are recorded, so there's a trail of who changed what.
Payments
PCI handled by Safepay's hosted checkout. Carbon stores only tokens and card metadata — never card numbers.
Your data, yours
Full export from every module, an open REST API, and the freedom to leave anytime. Your data is never held hostage.
Responsible AI
AI runs within permissions and budgets, with approvals and Shadow Mode. Answers cite sources, and a grounded fallback works even without an AI model connected.
Infrastructure
Where and how it runs.
Bracketed items are placeholders pending confirmation — we'd rather leave them honest than publish an unverified claim.