Security and privacy controls are implemented across managed infrastructure, authenticated services, and tenant-scoped data access.
Multiple layers of protection ensure your data remains secure and private at all times.
Traffic between your browser and the application is encrypted in transit using standard TLS.
Workloads run on managed cloud infrastructure with isolated services, authenticated internal APIs, and continuous health monitoring.
Production data is stored in Supabase Postgres with row-level security policies and scoped service access controls.
Authentication and session handling run through Supabase Auth with tenant-scoped access patterns.
Privacy-first principles: collect only what is needed for the product, and provide controls to manage your data.
Operational monitoring, scheduled trust checks, and fail-secure API guardrails help detect and contain issues quickly.
Multi-layered security architecture protecting every aspect of your data
TLS termination and hosting-provider protections
Authentication, authorization, and server-side secrets
Database policies and least-privilege access
Common questions about our security practices
MyRoofGenius uses TLS in transit, security headers (HSTS, CSP, X-Frame-Options), signed Stripe webhooks verified server-side, Supabase Auth with scoped sessions, and Row-Level Security (RLS) policies on 99.9% of database tables for tenant isolation.
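The tenant-isolation pattern behind the RLS claim above, as an added illustration that is not the project's own schema: hypothetical `reports` and `tenant_members` tables in Supabase Postgres, using Supabase's built-in `auth.uid()` function, `auth.users` table and `authenticated` role. The closing query is the audit a reviewer would run to find the tables that still lack RLS.

```sql
-- Added example (hypothetical schema): tenant-scoped RLS in Supabase Postgres.
create table public.tenant_members (
  tenant_id uuid not null,
  user_id   uuid not null references auth.users (id) on delete cascade,
  primary key (tenant_id, user_id)
);
-- RLS on with no policies: only the service role (which bypasses RLS) reads it directly.
alter table public.tenant_members enable row level security;

create table public.reports (
  id        uuid primary key default gen_random_uuid(),
  tenant_id uuid not null,
  title     text not null,
  owner_id  uuid not null default auth.uid()
);
alter table public.reports enable row level security;
alter table public.reports force row level security;  -- table owner is not exempt either

-- security definer lets the policy consult the locked-down membership table;
-- search_path is pinned so the function cannot be hijacked by a same-named object.
create or replace function public.is_tenant_member(t uuid)
returns boolean language sql stable security definer set search_path = public as $$
  select exists (select 1 from public.tenant_members m
                 where m.tenant_id = t and m.user_id = auth.uid());
$$;

create policy "reports: members read their tenant"
  on public.reports for select to authenticated
  using (public.is_tenant_member(tenant_id));

-- WITH CHECK is the part that is easy to forget: without it a member could
-- insert or move rows under another tenant's id.
create policy "reports: members insert within their tenant"
  on public.reports for insert to authenticated
  with check (public.is_tenant_member(tenant_id));

create policy "reports: members update within their tenant"
  on public.reports for update to authenticated
  using (public.is_tenant_member(tenant_id))
  with check (public.is_tenant_member(tenant_id));

-- Audit: every ordinary table in public that still has RLS disabled.
select n.nspname, c.relname
from pg_class c join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r' and not c.relrowsecurity;
```

Any row returned by the audit query is reachable with a plain authenticated session unless the API layer blocks it, so the list should be empty or each entry deliberately justified.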
Production account and subscription data is stored in Supabase Postgres. Payment data is processed by Stripe. Object/file storage follows the configured provider for your deployment.
Access is controlled by your organization’s users and the permissions/policies configured in your deployment. Support access, if any, should be explicitly authorized and scoped to the minimum needed.
Defense-in-depth: authentication, authorization, provider-level protections, and monitoring. Specific controls and guarantees depend on your hosting and database providers.
You can export your data before cancellation. Standard retention is 30 days of report access after cancellation; after that, the data enters the deletion workflow in accordance with legal and billing retention requirements.
Use responsible disclosure by emailing security@myroofgenius.com with reproduction details and impact. Initial triage target is within 1 business day.
Contact support to discuss requirements and request security documentation for your deployment.