Enterprise-Grade Security

Security and privacy controls are configured through your deployment and infrastructure providers.

Get started Security FAQ

Encrypted in transit

Operational monitoring

Provider-managed storage

Access controls

Security Architecture

Multiple layers of protection ensure your data remains secure and private at all times

Encryption in transit

Traffic between your browser and the application is encrypted in transit using standard TLS.

Isolated Infrastructure

Workloads run on managed infrastructure. Security controls depend on your hosting configuration and deployment choices.

Secure Data Storage

Data is stored in the configured database provider for your deployment. Access controls and policies are applied where supported.

Advanced Authentication

Authentication and session handling are provided by the configured identity provider (for example, Supabase Auth).

Privacy by Design

Privacy-first principles: collect only what is needed for the product, and provide controls to manage your data.

Redundant Architecture

Operational monitoring and health checks help surface issues early. Availability characteristics depend on your deployment.

Infrastructure Security

Multi-layered security architecture protecting every aspect of your data

Edge Security

TLS termination and hosting-provider protections

Application Security

Authentication, authorization, and server-side secrets

Data Security

Database policies and least-privilege access

Security FAQ

Common questions about our security practices

How secure is MyRoofGenius for my business?

MyRoofGenius is designed with standard security best practices in mind (encryption in transit, access controls, and least-privilege). Exact controls depend on your deployment and provider configuration.

Where is my data stored?

Data is stored in the configured database/storage provider for your deployment (often Supabase). Review your environment configuration for the authoritative source of truth.

Who has access to my data?

Access is controlled by your organization’s users and the permissions/policies configured in your deployment. Support access, if any, should be explicitly authorized and scoped to the minimum needed.

How do you protect against data breaches?

Defense-in-depth: authentication, authorization, provider-level protections, and monitoring. Specific controls and guarantees depend on your hosting and database providers.

What happens to my data if I cancel?

You can export your data. Retention and deletion behavior depends on your billing configuration and deployment settings.

Security questions?

Contact support to discuss requirements and request security documentation for your deployment.

Contact support Enterprise Solutions