Security overview
Last updated July 3, 2026. Honest and specific — no invented certifications.
The architecture, in plain English
- Row-level security at the database. Every business's records are isolated by rules enforced inside the database itself — not just in our application code. A signed-in contractor can only ever read or write their own business's rows.
- Encrypted in transit. All traffic runs over HTTPS/TLS.
- Passwords are handled by Supabase Auth and stored hashed — we never see or store plaintext passwords.
- Card data never touches us. Subscription payments run on Stripe's hosted checkout; we store subscription status only.
- Secrets live server-side. Service keys and Stripe keys exist only in server environment variables, never in browser code.
- Client portal links are unguessable capabilities. Each job's link contains a random 64-bit token. Holding a link grants read access to that one job's client-facing record and the ability to approve items on it — nothing else. Internal notes are filtered out server-side and never sent to the portal.
- Approvals are recorded server-side with server timestamps; approved items aren't silently editable through the product.
- Webhooks are signature-verified. Subscription updates from Stripe are cryptographically checked before we trust them.
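
What the webhook signature check in the last item involves, as an added example that is not Swornbook's code: it follows Stripe's documented scheme (HMAC-SHA256 over `timestamp.rawBody`, sent in the `Stripe-Signature` header as `t=` and `v1=` fields). The function names, secret, sample event and 5-minute tolerance are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window: 5 minutes

// Parse "t=1700000000,v1=<hex>,v1=<hex>" into { t, v1: [...] }.
function parseSignatureHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header || "").split(",")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === "t" && /^\d+$/.test(value)) out.t = Number(value);
    if (key === "v1") out.v1.push(value);
  }
  return out;
}

// HMAC-SHA256 over "<timestamp>.<raw body>", hex-encoded.
function expectedSignature(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret)
    .update(`${timestamp}.${rawBody}`, "utf8")
    .digest("hex");
}

// rawBody must be the exact string received on the wire, not re-serialized
// JSON: any change in whitespace or key order changes the HMAC.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (t === null || v1.length === 0) return { ok: false, reason: "malformed header" };
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "timestamp outside tolerance" };
  }
  const expected = Buffer.from(expectedSignature(secret, t, rawBody), "hex");
  // Several v1 values can be present (e.g. during secret rotation); accept any match.
  const match = v1.some(
    (sig) => /^[0-9a-f]{64}$/i.test(sig) &&
      crypto.timingSafeEqual(Buffer.from(sig, "hex"), expected) // constant-time compare
  );
  return match ? { ok: true, reason: "verified" } : { ok: false, reason: "signature mismatch" };
}

// Constructed sample event and secret (not real values).
const SAMPLE_SECRET = "whsec_constructed_example_secret";
const SAMPLE_BODY = '{"type":"customer.subscription.updated","data":{"object":{"status":"active"}}}';
const SAMPLE_TS = 1700000000;
const SAMPLE_HEADER = `t=${SAMPLE_TS},v1=${expectedSignature(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY)}`;
```

Stripe's official Node library performs the same check through `stripe.webhooks.constructEvent`; the manual version here makes the timestamp binding and constant-time comparison visible.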
What we don't claim
We're a young product and we'd rather under-promise: we don't currently hold SOC 2 or ISO certifications, and we don't claim records are “legally binding” or “immutable forever.” What we build, we describe accurately — and this page will grow as the security program does.
Reporting
Found a vulnerability? Please tell us privately first — reply to any Swornbook email and we'll respond quickly and gratefully.