Security and compliance without the sales theater
We use the same tools and practices we would want if we were your customer. No more, no less.
Data protection
AES-256-GCM for sensitive data at rest. Secure session tokens via Supabase. Role-based access enforced at every query.
GDPR & deletion
Scheduled deletion with 30-day grace period. Full data export on request. We only use essential cookies (auth only). See our Privacy and Cookie policies.
Audit as compliance tool
Retention tuned to your plan: 30 days, 1 year, or unlimited. Soft-delete jobs keep storage costs reasonable on lower tiers while preserving evidence.