Database and Data Security
Your data is stored in Supabase, a managed PostgreSQL database with enterprise-grade security.
Row Level Security (RLS)
Every table in your database has Row Level Security policies that control who can read and write data:
- Contacts — Only the assigned agent and admins can view a contact record
- Favorites — Users can only access their own saved favorites
- Blog posts — Published posts are publicly readable; only admins can create or edit
- Portfolio — Units are visible only to the assigned agent, client, and collaborators
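The rules listed above, sketched as PostgreSQL policies. This is an added example, not this product's actual schema or policy code: the table names, column names and the `app_metadata.role` admin claim are assumptions, while `auth.uid()` and `auth.jwt()` are the helper functions Supabase provides for use inside policies.

```sql
-- Hypothetical schema: favorites(user_id), blog_posts(status),
-- contacts(assigned_agent_id). Admins are assumed to carry
-- app_metadata.role = 'admin' in their JWT (users cannot edit app_metadata).

alter table favorites  enable row level security;
alter table blog_posts enable row level security;
alter table contacts   enable row level security;

-- Favorites: a signed-in user can read and write only their own rows.
create policy favorites_owner_all on favorites
  for all to authenticated
  using      (user_id = (select auth.uid()))
  with check (user_id = (select auth.uid()));

-- Blog posts: anyone, including anonymous visitors, can read published rows.
create policy blog_posts_public_read on blog_posts
  for select to anon, authenticated
  using (status = 'published');

-- Blog posts: only admins can create or edit (and see unpublished drafts).
create policy blog_posts_admin_write on blog_posts
  for all to authenticated
  using      ((auth.jwt() -> 'app_metadata' ->> 'role') = 'admin')
  with check ((auth.jwt() -> 'app_metadata' ->> 'role') = 'admin');

-- Contacts: visible only to the assigned agent and to admins.
create policy contacts_agent_or_admin_read on contacts
  for select to authenticated
  using (
    assigned_agent_id = (select auth.uid())
    or (auth.jwt() -> 'app_metadata' ->> 'role') = 'admin'
  );

-- Audit check: list any public table that does NOT have RLS enabled.
-- On a correctly configured database this returns zero rows.
select tablename
from pg_tables
where schemaname = 'public'
  and not rowsecurity;
```

With RLS enabled and no matching policy, PostgreSQL denies access by default, so a table missing from the policy list fails closed rather than open.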
Authentication
User authentication is handled by Supabase Auth:
- Passwords are hashed using bcrypt (never stored in plain text)
- Sessions use JWT tokens with configurable expiration
- Magic link and OAuth (Google) sign-in options are available
- Multi-factor authentication can be enabled for admin accounts
Encryption
- In transit — All data is encrypted using TLS 1.2+ between your site and the database
- At rest — Database storage is encrypted using AES-256
- Backups — Automated daily backups with point-in-time recovery
Supabase is SOC 2 Type II compliant and GDPR ready. Your data is hosted in secure cloud infrastructure with geographic redundancy.
What you should do
- Use strong passwords for all admin accounts
- Enable two-factor authentication for admin users
- Regularly review team member access and revoke inactive accounts
- Never share database credentials or API keys in plain text