A high-level summary of how TR△CE keeps your data and your clients' data safe. Expand this into a full security page as you approach broader launch or enterprise customers.
TR△CE is built on top of modern managed infrastructure: Next.js on Vercel and Supabase for database and authentication. These platforms provide battle-tested security practices, TLS by default, and regular updates.
Access to the admin dashboard is protected by email/password login and role-based access control. Client portals use time-limited magic links so your customers don't need accounts, while still restricting access to the right projects.
Data is encrypted in transit via HTTPS and at rest by our infrastructure providers. Sensitive values like magic link tokens and 2FA secrets are hashed or encrypted server-side rather than stored in plaintext.
We use row-level security (RLS) in the database and middleware-level checks in the application to ensure users only see projects and updates belonging to their organization. This helps prevent cross-tenant data access by design.
TR△CE uses structured logging with sensitive fields redacted before logs leave the server. Logs focus on IDs and metadata (such as route, userId, orgId) rather than full payloads. This keeps operational visibility high without leaking secrets or raw content.
If you believe you've found a security issue in TR△CE, please contact us promptly. We'll review and address it as a priority.