Data Security & Governance Report
Version: 1.0 | Last Updated: January 2026 | Classification: Public
Security Controls
Infrastructure Security
| Control | Implementation |
|---|---|
| Cloud Provider | Supabase (built on AWS infrastructure) with SOC 2 Type II certification |
| Data Encryption | AES-256 encryption at rest; TLS 1.3 encryption in transit |
| Network Isolation | Virtual Private Cloud (VPC) with isolated tenant environments |
| DDoS Protection | Enterprise-grade protection via Cloudflare and AWS Shield |
Authentication & Access Control
| Control | Implementation |
|---|---|
| Authentication | JWT-based authentication with secure token management |
| Password Policy | Minimum 8 characters with complexity requirements; bcrypt hashing |
| Session Management | Configurable session timeouts with secure refresh token rotation |
| Role-Based Access | Granular permissions (Team Member, Administrator, Super Admin) |
Multi-Tenant Data Isolation
- Row-Level Security (RLS): PostgreSQL RLS policies enforce strict tenant isolation at the database level
- Auction-Based Segmentation: All core data tables include an `auction_id` foreign key with enforced RLS
- Cross-Tenant Prevention: Database-level policies prevent any cross-tenant data access
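As an added illustration of the isolation described above (example SQL, not the product's actual schema or policies; every table and column name other than `auction_id` is an assumption), this is how an `auction_id`-keyed RLS policy is typically written on Supabase/PostgreSQL:

```sql
-- Added example, not the report's own schema or policies.
-- Assumed names: auctions (the tenant), auction_members (who belongs to
-- which auction) and lot_submissions (one of the "core data tables").
-- auth.uid() is Supabase's helper returning the caller's user id from the JWT.

create table auctions (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table auction_members (
  auction_id uuid not null references auctions(id),
  user_id    uuid not null,                -- auth.users.id
  primary key (auction_id, user_id)
);

create table lot_submissions (
  id         uuid primary key default gen_random_uuid(),
  auction_id uuid not null references auctions(id),   -- tenant key
  created_by uuid not null,
  payload    jsonb not null
);

-- Off by default: RLS must be switched on per table, and FORCE makes it
-- apply even to the table owner.
alter table auction_members enable row level security;
alter table lot_submissions enable row level security;
alter table lot_submissions force row level security;

-- A user may see only their own membership rows.
create policy members_self on auction_members
  for select to authenticated
  using (user_id = auth.uid());

-- Read: only rows whose auction_id is one of the caller's auctions.
create policy lot_submissions_read on lot_submissions
  for select to authenticated
  using (auction_id in (select auction_id from auction_members
                        where user_id = auth.uid()));

-- Write: WITH CHECK rejects a row tagged with an auction the caller does
-- not belong to, so a request carrying another tenant's auction_id fails.
create policy lot_submissions_insert on lot_submissions
  for insert to authenticated
  with check (auction_id in (select auction_id from auction_members
                             where user_id = auth.uid()));
```

Update and delete policies follow the same USING / WITH CHECK pattern. The Supabase service role bypasses RLS entirely, which is why the report confines that key to server-side use.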
Availability Controls
| Control | Implementation |
|---|---|
| Uptime SLA | 99.9% availability (Supabase Pro tier) |
| Database Backups | Daily automated backups with 7-day retention; point-in-time recovery |
| Disaster Recovery | Multi-region replication capabilities; RPO < 24 hours |
| Monitoring | Real-time health monitoring with Sentry error tracking |
Confidentiality Controls
Data Classification
| Data Type | Protection Level |
|---|---|
| User Data | Email, name, role assignments — encrypted at rest |
| Operational Data | Lot submissions, inspections, rock reports — tenant-isolated |
| Imported Data | Third-party historical data — same protections as native data |
Access Restrictions
- Service role keys restricted to server-side operations only
- Anonymous keys limited to authenticated user scope via RLS
- Admin functions require elevated role verification
- Audit logging for administrative actions
Data Handling
Data Retention
Data retained per customer agreement; deletion available upon request.
Data Export
Authorized users can export their organization’s data via admin dashboard.
Account Deletion & Anonymization
Users can permanently delete their accounts via self-service (mobile app) or administrator action (admin dashboard). The deletion process anonymizes PII (name, email), permanently removes authentication credentials, revokes all access, and sends a confirmation email before anonymization. Operational data (submissions, inspections, reports) is preserved for audit continuity, attributed to “Deleted User”.
Processing Integrity
- Input Validation: Zod schema validation on all form inputs (mobile and admin)
- Type Safety: Full TypeScript coverage with strict compilation
- Database Constraints: Foreign keys, check constraints, and triggers enforce data integrity
- Optimistic Updates: Rollback mechanisms prevent partial data corruption
Third-Party Data Import Security
When importing historical data from external systems:
Compliance Alignment
| Framework | Status |
|---|---|
| SOC 2 Type II | Infrastructure provider certified; application controls aligned |
| GDPR | Data minimization, right to deletion (self-service account deletion with confirmation email), export capabilities |
| CCPA | Consumer data rights supported, including self-service account deletion |
| Apple App Store (Guideline 5.1.1(v)) | Self-service account deletion available in-app; confirmation email sent for compliance |
Incident Response
Contact
For security inquiries or to request additional documentation, contact the Security Team.
This document provides an overview of security controls. Detailed policies are available upon request under NDA.