codexroom

Product

Give the right people the right keys.

Codexroom owns its own role model. Governors hold the library. Creators compose decks. Viewers consume them. Authentication runs through Clerk. Membership and roles live inside your workspace.

Book a security walkthrough

The roles

Governor, Creator, Viewer.

Governor. Holds the library. Authors tokens, slot types, slide templates, deck chrome, data room assets, and approver rules. The only role that can publish a template or approve a metric.

Creator. Composes decks from the published library. Creates shares. Reads analytics on their own shares.

Viewer. Reads decks inside the workspace. The internal-facing reader.

Roles live in Codexroom's memberships table, never in Clerk. Clerk is the front door for sign-in. Codexroom decides what each signed-in user can do.

Audit log

Every mutation writes a row.

Every token created, every template published, every deck assembled, every share created, every watermark forced off. All written to the audit log with the actor, the resource, the metadata, and the timestamp. The log is append-only and immutable. Every entry stays for the life of the workspace.

The audit log is the answer to "who did what when". Compliance reads it. Security reads it. The board reads the summary.

Row-level security

Every query carries the tenant context.

Every domain table has an organization_id column. Every query passes through a tenant context that sets the active org, user, and role at the Postgres session level. Row-level security policies on every table enforce the scope at the database. No application code ever runs a "where organization_id = ?" by hand.

Two tenants on the same instance cannot see each other under any circumstance Codexroom can engineer for.

Multi-tenant

Your workspace lives at your-slug.codexroom.com.

Each workspace gets a unique subdomain. Members sign in once on the apex and stay signed in across the subdomain. Recipients open shares at codexroom.com/v/<token> so the URL never leaks the tenant. Reserved subdomains stay blocked.

SSO and SCIM

Enterprise on day one of the Enterprise plan.

Clerk handles SSO with Okta, Azure AD, Google Workspace, OneLogin, and the SAML and OIDC standards. SCIM ships on Enterprise. Provisioning rules map the directory's group to a Codexroom role.

See it work

Walk through the audit log and the RLS posture with our team.

A 30 minute session for your security and IT lead. Bring questions.
Book a security walkthroughRead the trust centre