Isolation is provable
Every record is tenant-scoped and enforced by row-level security at the database layer, a control the application runtime cannot bypass. Automated tests cover the isolation boundary and run on every change.
Tidal Wave · Trust
How Tidal Wave handles your data, what we will show you, and what we will not claim. Wave sits beside your stack, reads through native connectors, and writes back only what you can audit, roll back, and switch off.
Quick answer
Tidal Wave is a per-tenant marketing intelligence platform built on three verifiable claims: tenant isolation is enforced at the database layer and covered by automated tests, consent is enforced at the boundary and fails closed, and every CRM write is logged with its before and after values and reversible in one click. We demonstrate each claim live in security reviews rather than asking you to take it on faith.
The trust facts
Last updated July 2026
The three claims
Security reviews run on proof, not prose. These are the claims Wave is built around, and every one of them is demonstrable in a live session.
Every record is tenant-scoped and enforced by row-level security at the database layer, a control the application runtime cannot bypass. Automated tests cover the isolation boundary and run on every change.
Do-not-contact people are never written to. Do-not-predict people are never scored. Suppression is a one-way ratchet: an opt-out can suppress a record, and nothing ever auto-un-suppresses it.
Each CRM write is logged with the previous value, the new value, and the model version that produced it. Rollback is a first-class operation, and a two-layer kill switch stops writeback instantly.
Verify, do not trust
We would rather show the controls than describe them. A review session walks through four live demonstrations on a working tenant.
The automated cross-tenant isolation tests run live, so you see the database refuse cross-tenant reads and writes instead of reading about it in an architecture diagram.
Before Wave writes anything, the console shows exactly which fields it would write per contact, with suppressed people visibly withheld. You review the writes before they exist.
Watch writeback stop instantly when the per-tenant switch flips, and confirm nothing reaches your CRM while it is off.
Walk the write log: previous value, new value, model version, timestamp, and the rollback path for any write Wave has made.
What we do not do
Trust includes being clear about what Wave is not, and holding the line.
Wave does not become your system of record. It does not message your recipients: no email, SMS, push, or ads, ever. It does not train shared models across customers, and it does not sell or share your data. Onboarding can start read-only, and for teams that cannot grant API access at all, Wave onboards by secure file upload or a read-only warehouse view.
Related: No-API-Key Onboarding, AI Accuracy Eval Harness, AI Lift Experiments.
Where we are
Tidal Wave is early access, working with design partners. We say exactly what is in place today versus on the roadmap, and we claim no certification until it is held.
FAQ
Yes, at the database layer. Every record is tenant-scoped and enforced by row-level security policies the application runtime cannot bypass, and automated isolation tests cover the boundary on every change. Wave also trains one model per tenant, so your data never trains anyone else's.
No. Wave classifies and predicts with one model per tenant. Your contact and engagement data never enters a shared or cross-customer model, and every prediction is stamped with the model version that produced it.
Suppression flows in from your systems and is enforced at the boundary: do-not-contact people are never written to, do-not-predict people are never scored. Suppression is a one-way ratchet, an opt-out can suppress a record, and nothing in Wave ever auto-un-suppresses it.
Yes. Every CRM write is logged with the previous value, the new value, and the model version that produced it, and rollback is a first-class operation. Writeback is off by default until you opt in, and a two-layer kill switch stops it instantly, per tenant or platform-wide.
Yes. For teams that cannot grant OAuth or API keys, Wave onboards by secure file upload or a read-only warehouse view, so the security review can say yes without a standing integration.
Not yet, and we will not claim it until it is held. A SOC 2 readiness program is under way, and in the meantime security reviews get a live working session plus the security pack, so you can verify the controls directly.
Yes. The DPA, current subprocessor list, security review pack, and technical whitepaper are available on request.
Request the security pack and we will schedule a working session: the isolation test suite run live, the writeback preview on a read-only connection, a kill-switch demonstration, and audit-trail inspection.
Verify it yourself
Book a session and we will run the review live: the isolation suite, the writeback preview, the kill switch, and the audit trail, on a working tenant.
Request the security pack