Security overview

A plain-language summary of how PacketProof protects your data. For the engineering detail see our public security model in the docs repository.

Hosting + data location

  • App + serverless functions: Vercel, Frankfurt region (`fra1`).
  • Database, auth, storage: Supabase EU.
  • Billing: Stripe EU billing entity.
  • AI inference: OpenAI by default; Azure OpenAI EU available via configuration.

Tenancy + access control

  • Per-workspace Postgres Row Level Security on every tenant table.
  • RLS is the last line of defence: the database itself enforces workspace isolation, so application bugs cannot leak data across tenants.
  • Anti-enumeration on auth, invite, and workspace lookup endpoints.
  • Owner / admin / editor / viewer roles with least-privilege defaults.

Data minimisation

  • Audit log + notification metadata is PII-safe: identifiers only, never card data, never invite tokens, never raw email local part.
  • Evidence files stay in Supabase Storage with workspace-scoped access. Signed URLs expire quickly.
  • We never send raw evidence files, source URLs, or storage filenames to the AI provider — only the question, the cited evidence ids and titles, a description of up to 600 characters, and (for text-format evidence only) a single excerpt of up to 1 500 characters of extracted text.

Operational

  • Append-only audit log; INSERT/UPDATE/DELETE revoked from app roles at the database privilege layer.
  • Stripe webhooks verified by signature; idempotent on event id.
  • Internal cron endpoints gated by a constant-time Bearer secret.
  • Quarterly secret rotation runbook.
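
The webhook and cron checks in the list above, sketched in Node.js as an added example; this is not PacketProof's code. The function names, the in-memory Set standing in for a unique-keyed table, and the 300-second tolerance are assumptions; the header layout follows Stripe's documented `t=...,v1=...` signature scheme.

```javascript
// Added illustration, not PacketProof's implementation. All names are hypothetical.
const crypto = require('node:crypto');

// Constant-time string comparison. Both inputs are hashed first so the buffers
// always have equal length (timingSafeEqual throws on a length mismatch) and
// the secret's length is not revealed by an early return.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Gate for an internal cron endpoint: "Authorization: Bearer <secret>".
function cronAuthorized(authHeader, secret) {
  if (typeof authHeader !== 'string' || !authHeader.startsWith('Bearer ')) return false;
  return safeEqual(authHeader.slice('Bearer '.length), secret);
}

// Signature header: "t=<unix seconds>,v1=<hex HMAC-SHA256 of `${t}.${rawBody}`>".
// Several v1 entries may be present while a signing secret is being rolled.
function webhookSignatureValid(rawBody, sigHeader, signingSecret, nowSec, toleranceSec = 300) {
  const parts = String(sigHeader).split(',').map((p) => p.split('='));
  const t = (parts.find(([k]) => k === 't') || [])[1];
  const candidates = parts.filter(([k]) => k === 'v1').map(([, v]) => v);
  // Reject missing or stale timestamps so a captured request cannot be replayed later.
  if (!/^\d+$/.test(t || '') || Math.abs(nowSec - Number(t)) > toleranceSec) return false;
  const expected = crypto.createHmac('sha256', signingSecret)
    .update(`${t}.${rawBody}`).digest('hex');
  return candidates.some((v) => safeEqual(v, expected));
}

// Idempotency on event id. The Set is a stand-in (assumption) for a table with
// a unique constraint on the event id, which also survives restarts.
const seenEventIds = new Set();

function handleWebhook(rawBody, sigHeader, signingSecret, nowSec) {
  // Verify against the raw bytes; parse only after the signature checks out.
  if (!webhookSignatureValid(rawBody, sigHeader, signingSecret, nowSec)) return 'rejected';
  const event = JSON.parse(rawBody);
  if (seenEventIds.has(event.id)) return 'duplicate';
  seenEventIds.add(event.id);
  return 'processed';
}
```

The signature must be computed over the raw request body exactly as received; re-serialising parsed JSON before verification changes the bytes and makes valid events fail.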

What this is not

PacketProof is preparation tooling. It is not a substitute for legal counsel, an accredited auditor, or a SOC report. We track readiness coverage from the evidence you record — we do not assert framework status on your behalf.

Found a vulnerability? Mail support@packetproof.io with reproduction steps. We respond within five working days.