How we protect your data.
Encryption at rest
[Ryan will write: envelope encryption, Supabase Vault, context binding]
Write-once credentials
[Ryan will write: no reveal endpoint, no admin access, replace-to-update model]
Tenant isolation
[Ryan will write: structural isolation at the database level, composite FKs]
Audit logging
[Ryan will write: every action logged before plaintext returned]
MFA required
[Ryan will write: TOTP required for admin accounts]
Compliance roadmap
SOC 2 Type II: In progress, target 2027
GDPR / CCPA: Fully compliant
Data retention: Configurable per tenant; default 7 years
Data deletion: On account cancellation, data is retained for 30 days then permanently deleted
Data flow
Security questions?
For security inquiries or vulnerability reports, contact security@bridgedig.com