Security
Your data is yours.
We take that seriously.
Security is not a feature we added later — it's built into every layer of Cabrii, from the database to the UI.
How we protect you
Security at every layer
Row-Level Security
Every database query is scoped to your organization and team. RLS policies are enforced at the database level, not just the application layer. Even if the app had a bug, your data stays isolated.
Secure authentication
Authentication is handled by Supabase Auth, built on industry-standard JWT tokens. Passwords are hashed with bcrypt and never stored in plain text. Sessions expire automatically.
Encryption everywhere
All data is encrypted in transit using TLS 1.2+. Data at rest is encrypted by Supabase's underlying infrastructure. File uploads (evidence images) are stored in isolated, access-controlled buckets.
Role-based access control
Four roles: admin, manager, dev, and viewer. Each role has precise permissions enforced at both the API and database layers. Viewers can never modify data, even with a crafted API call.
Trusted infrastructure
Cabrii runs on Vercel (hosting) and Supabase (data), both SOC 2 Type II compliant. We do not run our own servers — we leverage infrastructure with enterprise-grade security postures.
Payment security
Payments are fully handled by LimãoPay. Cabrii never touches, stores, or logs payment card data. Our integration uses a client-side SDK that communicates directly with the payment processor.
Found a vulnerability?
We take security reports seriously. If you discover a vulnerability in Cabrii, please disclose it responsibly by emailing joelbarbosa.ads@gmail.com with the subject line [Security].
Please include: a description of the issue, steps to reproduce, and the potential impact. We'll acknowledge your report within 48 hours and work with you to resolve it promptly.
We do not have a formal bug bounty program at this time, but we genuinely appreciate responsible disclosure and will credit researchers who help us improve.
Infrastructure
Built on trusted platforms
Supabase
Database, Auth & Storage
SOC 2 Type II · PostgreSQL · RLS · Encrypted at rest
Vercel
Hosting & Edge delivery
SOC 2 Type II · Global CDN · HTTPS everywhere · DDoS protection
LimãoPay
Payment processing
PCI-DSS compliant · No card data stored by Cabrii