Security

Encryption

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Document storage encrypted at the object level
• Database connections secured with SSL certificates

Access Control

• Row Level Security (RLS) ensures users can only access their own data
• Role-based access control with 30 granular permission roles
• Time-boxed access with automatic role expiration
• Passwordless authentication via magic links (no passwords to compromise)

Audit & Monitoring

• Complete audit trail for all role changes and administrative actions
• Deal activity logging tracks every status change and interaction
• Real-time error monitoring and alerting

Infrastructure

• Hosted on Vercel's edge network with global CDN distribution
• Database hosted by Supabase with automatic backups and point-in-time recovery
• No sensitive data stored in client-side storage or cookies

Privacy by Design

Borrower identities are never shared with lenders until explicit consent is given. Our matching engine works with anonymized data, and lenders only see opportunity summaries — not borrower names or contact information — until a match is mutually accepted.

Read our full Privacy Policy for details on data collection, usage, and your rights.