Security & data protection

We handle invoice and customer contact data to run your escalation notices. We take security and access control seriously.

How we protect you

  • HTTPS in transit. All traffic is encrypted; data is never sent over plain HTTP.
  • Row Level Security (RLS). Your data is isolated at the database layer; you can only access your own business and invoices.
  • No passwords stored. We use one-time codes (OTP) sent to your email to sign in — no password to steal or reuse.
  • We never store your customers' payment details. Payments are handled by Stripe; card data never touches our servers.

Infrastructure and vendors

We rely on a short list of trusted providers: Supabase (database and auth), Vercel (hosting), Postmark (transactional email), and Stripe (billing). Each is chosen for security and compliance practices; we do not resell or share your data with third parties for marketing.

Data access

  • Each business can only access its own data (row-level security).
  • Authentication is required to view invoices and settings.

Email delivery

  • Emails are sent via authenticated sending domain.
  • Escalations use a no-reply sender to prevent back-and-forth and keep enforcement consistent.

Infrastructure

  • Data stored in managed Postgres (Supabase).
  • Encrypted in transit (HTTPS).

Operational controls

  • Grace period and escalation sequence are fixed by default to prevent misconfiguration.
  • Audit trail of enforcement activity is stored.
  • System status: View live status.

Support

If you need a data export or deletion, contact us.