Enterprise & security

Governance that's built in, not bolted on.

Schemora was designed for organisations where data is sensitive, decisions are audited, and "who changed this, and why?" is a question you have to answer. Every mapping, transformation and translation runs inside a controlled, accountable system.

Identity & access control

Token-based authentication with strong password hashing. Role-based access with system roles — Admin, Mapping Engineer, Reviewer, Auditor, Reporting Analyst, Viewer — plus custom roles. Users can hold different roles on different projects, and groups make access easy to manage at scale.

Audit & compliance

Every state-changing action writes a before/after snapshot with the actor, resource and timestamp. Approvals record who signed off, when, and from which session. Named mapping versions give you point-in-time snapshots for clean before/after comparison.

Your environment, your models

Deploy into your own VPC or on-premise. Route AI through your chosen provider and credentials. Your schemas, documents and mappings stay inside your boundary — Schemora is the engine, not the destination for your data.

Operational & API controls

Per-endpoint rate limiting, health and readiness probes for orchestration, structured logging, and revocable per-user API tokens for MCP and CI/CD. Built to run safely across multiple workers with consistent, shared state.

What it means for you

The controls reviewers actually ask about.

Accountability

An immutable trail of who did what, when — so audits are a query, not an archaeology project.

Least privilege

Project-level and custom roles mean people see and change exactly what their job requires, and nothing more.

Data residency

Run it where your data already lives. Nothing has to leave your network for Schemora to do its work.

Provenance

Every mapping carries its source — curated, derived from SQL lineage, or human-approved — so trust is traceable.

Repeatability

Snapshots and versions let you reproduce and compare any state of a mapping set over time.

Automation-ready

Drive the platform from your pipelines with scoped, revocable tokens — governance still applies.

Talk to us

Let's map your security review against Schemora.

Bring your questionnaire. We'll walk your architecture and compliance team through how Schemora meets it.