Security

Built around controlled access.

The product is early, but the security posture is already centered on private workspaces, row-level access rules, and buyer-approved sharing rather than open professional visibility.

Private by default

Buyer workspaces are designed so signed-in buyers only access their own records.

Explicit sharing

Share packages expose selected documents, permissions, expiration, and revocation state.

Row-level security

Supabase policies are used to restrict workspace, document, checklist, share, and audit records.

Private storage paths

Document storage is scoped by workspace so files can be protected by owner-aware policies.

Audit trail direction

Document uploads, replacements, share creation, and revocation are recorded for buyer visibility.

Launch hardening

MFA, deeper file scanning, signed URLs, and production security review remain important pre-launch work.