Security model
How your data is protected at every layer.
- ✓ RLS everywhere
Every Supabase table has row-level security enabled, with policies keyed on the Clerk user ID.
- ✓ Refresh tokens encrypted
Google OAuth refresh tokens are stored in pgsodium-encrypted columns.
- ✓ Service-role isolation
The Supabase service role key is used only in webhooks, cron jobs, and provisioning paths, never in user-facing routes.
- ✓ No raw email body, ever
We never call messages.get with format=full; we request metadata only.
- ✓ Local-only iMessage
The helper writes nothing back. It opens chat.db read-only and posts only counts and timestamps.
- ✓ Stripe webhook signing
Every webhook handler verifies the request signature before any database write.
- ✓ Cron secret
Cron-only routes require a header secret that is rotated quarterly.