🛡️SaaS Space Access Gateway
← Back to Login

Security & Compliance Trust Center

Enterprise Trust & Security

Our universal BYOD gateway architecture is designed to satisfy the rigorous security and data confidentiality standards of Fortune 500 organizations, operating under continuous compliance parameters.

🔒

Multi-Tenant Isolation

Domain segregation is enforced natively inside Postgres via strict Row Level Security (RLS) policies. Tenants are logically segregated at the connection thread level with zero chance of cross-organization leakage.

🔄

GDPR Privacy By Design

Automated data-retention chron workers automatically purge scrolling canvas visitor signatures and cryptographically hash plaintext emails/phones into irreversible SHA-256 strings.

🔌

Auditability & SSO

Equipped with enterprise-ready SAML/OIDC federated single sign-on redirect lockouts, and streaming HMAC-SHA256 authenticated audit telemetry logs directly to Splunk/Datadog dashboards.

Supabase Postgres Row-Level Security (RLS) Model

Natively isolated row accesses prevent horizontal privilege escalations.

-- Row-Level Isolation Segregation Policy Blueprint
ALTER TABLE public.passes ENABLE ROW LEVEL SECURITY;

CREATE POLICY "members can view passes"
  ON public.passes
  FOR SELECT
  TO authenticated
  USING (
    -- Matches logged-in staff member organization UUID
    public.is_org_member(organization_id)
  );

CREATE POLICY "owners and admins can manage passes"
  ON public.passes
  FOR ALL
  TO authenticated
  USING (public.can_manage_org(organization_id))
  WITH CHECK (public.can_manage_org(organization_id));

Disaster Recovery & Replication

Our infrastructure employs continuous multi-region transaction log replication. DB snapshots are backed up securely every 60 minutes with a target RPO (Recovery Point Objective) of < 1 hour, and RTO (Recovery Time Objective) of < 4 hours. Automated health-check nodes monitor turnstile gates continuously.

RPO: < 1 HourRTO: < 4 HoursSLA: 99.99% Uptime

Data Encryption Parameters

All credentials and visitor files are encrypted at rest using industry-standard AES-256 encryption. Telemetry signals and browser scanner interactions utilize TLS 1.3 protocol. Dynamic 24-hour rotating keys authenticate terminal devices, ensuring total verification integrity.

At Rest: AES-256In Transit: TLS 1.3Device Tokens: HMAC-SHA256