Spendbase

Security at Spendbase

Your financial data is sensitive. Here's exactly how we protect it.

Encryption everywhere

All data is encrypted at rest using AES-256 and in transit via TLS 1.2+. Passwords are never stored in plaintext: Supabase Auth handles credential hashing using bcrypt.

Row Level Security

Every database table has Row Level Security enabled in Postgres. Your workspace data is inaccessible to other users at the database level — not just in application code.

Auth & sessions

Authentication is provided by Supabase Auth. Sessions use secure, HTTP-only cookies with a 1-year expiry. Google SSO is available as an alternative to email/password.

Infrastructure

Spendbase runs on Vercel (serverless, edge) backed by Supabase on AWS. Infrastructure is managed by providers with SOC 2 Type II certification.

Payment security

No card data ever touches our servers. All payments are processed by Razorpay, which is PCI DSS Level 1 compliant — the highest level of certification available.

Access controls

Workspace data is role-scoped (owner, admin, member). Privileged operations — workspace creation, team management, billing — use a service-role client that bypasses RLS only for bootstrap flows, with explicit permission checks in every action.
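
To illustrate the Row Level Security and access-control descriptions above, the following SQL is an added example, not Spendbase's own schema or policies. The table, column and policy names are assumptions; auth.uid(), the authenticated role and the pg_class, pg_policies and pg_roles catalogs are standard Supabase/Postgres. It shows a workspace-scoped policy and three catalog queries for checking RLS coverage and which roles bypass it.

```sql
-- Constructed schema for illustration; all names here are assumptions.
create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null,
  role         text not null check (role in ('owner', 'admin', 'member')),
  primary key (workspace_id, user_id)
);
create table expenses (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  amount_cents bigint not null
);

alter table workspace_members enable row level security;
alter table expenses          enable row level security;

-- A signed-in user can read only their own membership rows.
create policy members_select_self on workspace_members
  for select to authenticated
  using (user_id = auth.uid());

-- Expense rows are readable only by members of the owning workspace.
-- The subquery is itself filtered by members_select_self.
create policy expenses_select_member on expenses
  for select to authenticated
  using (workspace_id in (select m.workspace_id
                          from workspace_members m
                          where m.user_id = auth.uid()));

-- Check 1: any row returned is a public table with RLS switched off.
select c.relname
from pg_class c join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind in ('r', 'p')
  and not c.relrowsecurity;

-- Check 2: RLS is on but no policy exists, so ordinary roles are denied
-- everything; usually a sign that a policy was forgotten.
select c.relname
from pg_class c join pg_namespace n on n.oid = c.relnamespace
left join pg_policies p
  on p.schemaname = n.nspname and p.tablename = c.relname
where n.nspname = 'public' and c.relkind in ('r', 'p')
  and c.relrowsecurity and p.policyname is null;

-- Check 3: roles that skip every policy. Supabase's service_role is one,
-- so code using it must do its own permission checks.
select rolname from pg_roles where rolbypassrls or rolsuper;
```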

Our security stack

Database: Supabase Postgres · Row Level Security on all tables · AES-256 at rest
Authentication: Supabase Auth · bcrypt password hashing · HTTP-only session cookies
Transport: TLS 1.2+ on all connections · HTTPS enforced by Vercel
Hosting: Vercel (SOC 2 Type II) · Supabase on AWS (SOC 2 Type II)
Payments: Razorpay PCI DSS Level 1 · No card data stored by Spendbase
File storage: Supabase Storage · Workspace-scoped access policies
Secrets: Environment variables managed by Vercel · Never committed to source
Dependencies: Automated dependency updates · npm audit on every build

Found a vulnerability?

We take security reports seriously. Please disclose responsibly.

Report a vulnerability

info@digitalitup.in · We aim to respond within 48 hours