security
What's actually protecting your data.
Not a compliance badge — this is what a real audit of this codebase found today, and what got fixed as a result.
What's protected, and how
Row-level security on every table
Every database table enforces ownership at the Postgres level (real RLS policies checking auth.uid()), not just in application code — so a bug in a single API route can't accidentally expose another user's data.
Private storage, signed URLs only
Photos, receipt images, and insurance policy documents all live in private storage buckets. Every image you see is served through a short-lived signed URL generated on demand, never a permanent public link.
Verified Stripe webhooks
Payment events are cryptographically signature-checked before anything happens, and processed exactly once even if Stripe retries delivery — a replayed event can never double-grant scan budget.
Video never leaves your browser
Frame extraction runs entirely client-side, in a hidden video element inside your browser — only the small, compressed, in-focus frames the AI actually needs are ever uploaded. The raw walkthrough video is never sent anywhere.
Admin actions are gated and logged
Support actions (like granting bonus scan budget) are restricted to a real admin allowlist and written to an audit log — not just "anyone who's signed in."
No server secrets in your browser
API keys for Claude, Stripe, and email delivery are server-only. Only the values a browser genuinely needs are ever shipped to the client.
Your data, your control
Real data export
Download everything the app has on you — inventories, items, timestamps, memberships — as one JSON file, on demand.
Real account deletion
Deleting your account removes your database rows and every stored file across all three storage buckets (item photos, receipts, policy documents) — not just the account record.
This is a solo-built product, not an enterprise vendor with a SOC 2 report on file. Everything above is verifiable in the actual source code — it isn't a marketing claim.