Security
Security practices for this website, request-support workflow, and protected account areas.
Current safeguards include a basic request-support workflow, Supabase Auth, role-based account access, and protected admin/client areas.
Public forms should collect only basic service inquiry details and should not collect payment card data, identity documents, or highly sensitive information.
Visitors should avoid submitting sensitive information unless a secure workflow specifically requests it.
Authenticated areas should use role-based access control, protected routes, Row Level Security, private storage buckets, signed document access, input validation, secure error handling, and audit logs as each feature is introduced.
Secrets should stay in environment variables and should not be committed to the repository.
The platform avoids unnecessary sensitive data collection. Document workflows should use reviewed hosting, storage, and access controls before collecting private files.