End-user identity forwarding
Forward signed-in identity via identify() so business actions run as the real user — passwords never touch Qefro.
Authentication stays in your app. Qefro never stores passwords. Lead with the controls that matter: tenant isolation, encryption, identity forwarding, audit logs, and secure secret storage. SOC 2 compliance is on our roadmap — contact Sales for the current timeline.
Forward signed-in identity via identify() so business actions run as the real user — passwords never touch Qefro.
Business actions authorize with the end-user’s identity by default — not a shared organization secret.
Conversation history and Business Tool runs stay attached for accountability and review.
Multi-tenant by design at the database and vector store level. AI Workspaces control which knowledge and actions each experience can use.
Embeds load with short-lived widget tokens. Messages are bounded (8 KB), PII is scrubbed before model calls, and tenants cannot access each other’s data.
Business Tool credentials encrypted at rest. HTTPS-only outbound calls with SSRF protections and DNS-pinned webhooks.
Built for organizational AI — not demo chat experiences.
Enterprise customers can run Qefro in a private environment with dedicated support and custom SLAs. Contact sales for the current compliance roadmap and data processing terms.
Start free — no credit card required.