Access and tenancy
Confirm how owner, admin, manager, and employee roles map to named permissions; review how organization scope, row-level security, and route checks prevent cross-account access.
Trust and security
Yrka is built on Supabase auth, organization scoping, row level security, role checks, private storage, and signed URLs — and we describe what's shipped, not what's promised.
Recent audit events
Generated layout — synthetic demo data.
What's in place
Shipped, observable, and described the way operators expect.
Supabase auth, organization tenancy, role and permission checks, and RLS.
Employee documents stored privately with permissioned short-lived signed URLs.
Audit events for sensitive actions, structured logs, and Sentry monitoring when configured.
Provider keys server-side, prepared sources only, refusal states when providers are disabled.
Deployment, migration, backup, restore-drill, and incident-response runbooks documented.
Legal, payroll, tax, HR, and compliance obligations stay with the customer — by design.
Review checklist
Yrka's trust posture is strongest when the customer can connect public claims to the operating controls they will actually use.
Confirm how owner, admin, manager, and employee roles map to named permissions; review how organization scope, row-level security, and route checks prevent cross-account access.
Review private employee document storage, signed URL behavior, upload limits, export expectations, and who is allowed to view confidential records before rollout.
Check which AI providers are enabled, which sources can be prepared for Resources chat, how citations appear, and where human review remains required before an AI-assisted output is used.
Read the deployment, monitoring, backup, restore-drill, support, and incident-response runbooks so launch expectations match the controls currently in place.
Scope
Yrka maps every public claim to a product source of truth.
Legal and policy
Security FAQ
We answer security questions before they’re escalated. If something is missing, ask.
Not at launch. The trust page lists the controls Yrka has today plus the items in flight before public launch — no certification claims are made without evidence.
Start with a 30-day card-required trial. Cancel anytime from the Stripe customer portal. Workspaces stay available for export or reactivation for 30 days after paid access ends.
No. Yrka covers time tracking, scheduling, payroll-prep exports, and provider handoff. Customers stay in charge of payroll processing, tax filing, legal, and HR decisions.
Responsive web and an installable PWA cover employee time entry, scheduling, resources, tasks, messages, and profile review. Employees see scoped offline read context plus queued supported writes with clear sync states.
Yes. Payroll-prep exports, schedule and time reports, and employee data exports are part of the core product. Customer data remains exportable for 30 days after paid access ends unless an earlier deletion is requested.
Read the posture, ask the hard questions, and book a session if you want to dig deeper before a trial.
Yrka uses optional analytics on the public site to understand page interest. The authenticated app does not load GA4.