Security is not an afterthought

Drawra is built from the ground up to protect your business's most sensitive information. Every design decision, every feature, and every line of code is informed by security-first thinking.

Principles

Our security principles

These principles guide every decision we make about how Drawra handles your data.

Defense in depth

Multiple layers of security, from network to application to data. No single point of failure in our security model.

Least privilege

Users and systems only have access to what they explicitly need. Permissions are restrictive by default.

Full transparency

Every access and every action is logged. Complete audit trails for all operations within your workspace.

Data isolation

Tenant-aware architecture ensures complete data isolation between organizations. No cross-tenant data leakage.

Access control & permissions

  • Role-based access control (Owner, Admin, Member)
  • Team-level permission groups
  • Resource-level access grants (View, Edit, Admin)
  • Per-drawer and per-folder access scoping
  • External partner access with limited visibility
  • Permission revocation with immediate effect

Encryption & sensitive storage

  • Secrets encrypted at rest with strong encryption
  • Controlled reveal mechanism with access logging
  • Credential metadata separated from secret values
  • Environment-scoped secret organization
  • Automatic masking of sensitive values in UI
  • Secure secret sharing within teams

Audit logs & traceability

  • Complete audit trail for every action
  • Tracks creates, updates, views, deletes, and reveals
  • User attribution on every log entry
  • Filterable by action type, entity, and user
  • Immutable audit log records
  • Exportable for compliance reporting

Tenant isolation

  • Complete data isolation between organizations
  • Organization-scoped API middleware
  • No shared data stores between tenants
  • Independent workspace configuration
  • Isolated user permissions per organization
  • Separate encryption contexts per tenant

Secure collaboration

  • Invitation-based team onboarding
  • Scoped shared spaces for external partners
  • Controlled resource visibility per collaborator
  • Comment and discussion within permission bounds
  • Revocable partner access at any time
  • Activity tracking for all collaborators

Compliance readiness

Designed with compliance in mind

Drawra is architected with the controls, audit capabilities, and data handling practices needed for future compliance certifications. We are actively working toward SOC 2 Type II, GDPR, and ISO 27001 readiness.

  • SOC 2 Type II: In preparation
  • GDPR: Compliant by design
  • ISO 27001: Roadmap planned

Security questions?

If you have questions about our security practices, need a security questionnaire completed, or want to report a vulnerability, our security team is here to help.

Contact the security team by email at security@drawra.com.
