Tenant isolation
Supabase Auth, company memberships, role checks, and row-level security policies isolate company data.
Security and privacy
Visit Bridge uses role-based access, tenant-aware database policies, audit logging, and operational release checks for organizations that manage child, family, court, and supervisor records.
Supabase Auth, company memberships, role checks, and row-level security policies isolate company data.
Sensitive actions write audit events through a database RPC that derives actor identity from the authenticated session.
Uploads are private, company-scoped, extension/MIME-validated, content-sniffed, and served through short-lived signed URLs.
Release gates include linting, typechecking, unit tests, coverage, production builds, e2e smoke tests, and a health endpoint.
Privacy, retention, support access, backup, deployment, and incident response documents are maintained in the release packet and should be reviewed with counsel and customer stakeholders before processing real production records.