Security

Secure payment processing with industry-standard compliance.

• Stripe Checkout SAQ A compliance - card data never touches our server
• Webhook Security Signatures verified via stripe.webhooks.constructEvent

Full compliance with European data protection regulations.

• Data Subject Rights Export/erase functionality in user dashboard
• Data Retention Personal data stored ≤ 3 years after last visit

Enterprise-grade security with Supabase infrastructure.

• Row-Level Security RLS enabled on all multi-tenant tables
• Secrets Management Supabase Vault + Edge Secrets for keys
• Audit Logs Edge functions 30 days, audit logs 1 year

We use JWT-based authentication to secure our API. The flow is as follows:

1. 1User logs in with their credentials.
2. 2The server issues a JWT token.
3. 3The token is sent with each subsequent request to authenticate the user.

We use Role-Based Access Control (RBAC) to manage user permissions:

• RolesUsers are assigned roles (e.g., client, administrator)
• PermissionsRoles have specific permissions for system areas
• AccessUsers can only access features and data they are authorized to see

We take data protection seriously and have implemented the following measures:

• EncryptionEnd-to-end encryption for all sensitive data
• ComplianceGDPR-compliant data handling practices
• Regular AuditsRegular security audits to identify and address vulnerabilities