Security Policy
Last updated: June 2025
Effective from: June 2025
1. Our Security Commitments
- All data encrypted in transit (TLS 1.3)
- All data encrypted at rest (AES-256)
- Authentication via Supabase Auth with bcrypt password hashing
- Row Level Security on all database tables — users can only access their own data
- API keys never exposed client-side
- All AI API calls via server-side Edge Functions
2. What You Can Do
- Use a strong, unique password
- Enable two-factor authentication when available
- Log out on shared devices
- Report suspicious activity
3. Responsible Disclosure
Found a vulnerability?
Email info@propwealthmetrics.com before public disclosure. We will respond within 48 hours and work with you to resolve it.
4. Incident Response
In the event of a data breach:
- Affected users notified within 72 hours
- ICO notified as required by UK GDPR
- Full incident report published
Questions about this policy? Email info@propwealthmetrics.com.