CleenUI is a source-code license, not a hosted service. There is no shared infrastructure, no multi-tenant SaaS layer operated by the vendor. Your application runs on your Azure subscription, on your infrastructure, under your team’s control.
These security primitives are architected into the codebase from day one, not added after the fact.
All authentication flows — OAuth 2.0 / OpenID Connect, JWT issuance, MFA enforcement, social login — run through Auth0. Your team provisions and operates the tenant. CleenUI never holds or routes your users’ credentials.
Role-based access control is enforced on every API endpoint via JWT claims — not only at the UI layer. A user whose role lacks a permission cannot reach the endpoint regardless of how they call it.
Tenant context is injected on every stored-procedure call at the data layer. A user authenticated to tenant A cannot read tenant B’s data regardless of API access — isolation is enforced at the query, not just the route.
Every record in every module carries created/modified timestamps and user attribution. Audit trails are built into the schema — not bolted on later — so compliance queries are answerable from day one.
M04 Observability ships structured, queryable logs across all modules. Correlation IDs thread requests from entry to database call. Operational visibility is pre-wired, not a post-launch retrofit.
All data access goes through named stored procedures — 700+ of them. Every query path is explicit and auditable. A DBA can read any query, inspect its execution plan, and tune it without touching application code.
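As an added illustration (not CleenUI code), the sketch below shows the two enforcement points described above: a permission check from JWT claims at the endpoint, and tenant context as a mandatory parameter at the query. It assumes the token was already verified upstream; SQLite and a Python function stand in for Azure SQL and a named stored procedure, and the claim, table and function names are hypothetical.

```python
import sqlite3

class Forbidden(Exception):
    """Raised when the caller's role lacks the required permission."""

def make_db():
    # Constructed sample data: two tenants share one table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER, tenant_id TEXT, amount REAL)")
    db.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "tenant-a", 100.0), (2, "tenant-b", 250.0)],
    )
    return db

def require_permission(claims, permission):
    # Endpoint-level RBAC: decided from token claims on every call,
    # independent of what the UI chose to show the user.
    if permission not in claims.get("permissions", []):
        raise Forbidden(permission)

def usp_invoice_get(db, tenant_id, invoice_id):
    # Hypothetical stand-in for a named stored procedure. tenant_id is a
    # required parameter and part of the WHERE clause, so a caller cannot
    # reach a row outside its tenant even with a valid record id.
    if not tenant_id:
        raise ValueError("tenant context missing")
    return db.execute(
        "SELECT id, amount FROM invoices WHERE tenant_id = ? AND id = ?",
        (tenant_id, invoice_id),
    ).fetchone()

def get_invoice_endpoint(db, claims, invoice_id):
    # `claims` is assumed to be the payload of a JWT whose signature,
    # issuer, audience and expiry were validated before this point.
    require_permission(claims, "invoice:read")
    # Tenant comes from the token, never from the path, query string or body.
    return usp_invoice_get(db, claims.get("tenant_id"), invoice_id)
```

A tenant-A user who guesses a tenant-B record id gets no row back, because the filter lives in the query rather than in the route.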
The codebase ships the application layer. The following is yours to configure and maintain.
Azure SQL, Storage Accounts, and Function Apps are provisioned in your tenant. No data passes through CleenUI infrastructure.
You choose the region at provisioning time. Data residency is fully under your control — pick the region that satisfies your compliance requirements.
The operator (Product Perfect LLC) has no access to your deployment, your database, or your customers’ data once the codebase has been delivered.
“SOC2 for CleenUI” is not the right frame — CleenUI is source code, not a hosted service that operates your data. The right question is whether your application, running on your infrastructure, can be operated in a SOC2-compliant way. The short answer is yes.
What’s already there: Auth0 as a SOC2 Type II-certified identity layer, audit history on every record, all data access through named stored procedures (fully queryable for compliance audits), and structured logging via M04 Observability.
The architect covers the compliance posture in detail on the architecture review call. For more detail, see the Security & Compliance section of the FAQ.
The architecture review is the right place to walk through your compliance requirements and verify the fit. 30 minutes, no cost, no commitment.