Security Practices

All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. This applies to all traffic between the browser, the API, and the database.

Row-Level Security (RLS) is enforced at the database layer via Supabase. Each tenant can only access their own data — cross-tenant queries are structurally impossible through the application.

No service keys or privileged credentials are exposed to the frontend. All privileged operations run server-side. The frontend uses the Supabase anon key with RLS as the access boundary.

Authentication is managed by Supabase using JWT tokens. Sessions are cookie-based and scoped to the authenticated tenant. Password resets and email verification are handled through Supabase's auth flow.

Security is reviewed on an ongoing basis. To report a vulnerability or concern, email security@sentinelpricing.com