Security overview

Last updated July 3, 2026. Honest and specific — no invented certifications.

The architecture, in plain English

  • Row-level security at the database.Every business's records are isolated by rules enforced inside the database itself — not just in our application code. A signed-in contractor can only ever read or write their own business's rows.
  • Encrypted in transit. All traffic runs over HTTPS/TLS.
  • Passwords are handled by Supabase Auth and stored hashed — we never see or store plaintext passwords.
  • Card data never touches us.Subscription payments run on Stripe's hosted checkout; we store subscription status only.
  • Secrets live server-side. Service keys and Stripe keys exist only in server environment variables, never in browser code.
  • Client portal links are unguessable capabilities.Each job's link contains a random 64-bit token. Holding a link grants read access to that one job's client-facing record and the ability to approve items on it — nothing else. Internal notes are filtered out server-side and never sent to the portal.
  • Approvals are recorded server-sidewith server timestamps; approved items aren't silently editable through the product.
  • Webhooks are signature-verified. Subscription updates from Stripe are cryptographically checked before we trust them.

What we don't claim

We're a young product and we'd rather under-promise: we don't currently hold SOC 2 or ISO certifications, and we don't claim records are “legally binding” or “immutable forever.” What we build, we describe accurately — and this page will grow as the security program does.

Reporting

Found a vulnerability? Please tell us privately first — reply to any Swornbook email and we'll respond quickly and gratefully.