Limena is an AI-first CRM for small and mid-sized businesses. The pages in this section explain how the platform handles tenant data: what we collect, who processes it, what protections are in place, and what happens when something goes wrong.
This is a working document, not a marketing surface. Every claim below is a property of the running system, and the stamp in the masthead is the date we last checked the two against each other.
- tenant_isolation
- Postgres row-level security, forced on every tenant table
- production_db_role
- non-superuser, no BYPASSRLS
- encryption_at_rest
- AES-256-GCM, per-tenant derived keys
- transport
- TLS 1.2+, HSTS in production
- audit_log
- append-only; every mutation recorded
- primary_data
- United Kingdom (London)
- ai_processing
- Anthropic API (US) by default; inputs not used for training
- incident_notification
- within 72 h of confirmation
Contracting with Limena as a data controller? Our Data Processing Addendum sets out the Article 28 terms that govern how we process tenant data on your behalf, and incorporates the sub-processors, incident, and controls pages above by reference.
Evaluating Limena as a vendor and missing an answer to a specific question? Email hello@limena.io and we’ll add it here.