How AFEND handles your security.

We build readiness software, so we hold ourselves to the same standards we help customers reach.

Hosting and data residency

Customer data is stored in Supabase (Central EU, Frankfurt). Application code runs on Vercel.

Authentication

Supabase Auth with email magic link only at MVP. No passwords, no third-party identity providers.

Encryption

TLS in transit, AES-256 at rest (Supabase default). Document storage uses signed URLs with expiry.

Access control

Workspace isolation enforced at the database level via row-level security. Admin access uses a separate platform RBAC - the two policies are disjoint.

Audit logging

All sensitive admin actions are written to an append-only audit log with actor, before/after values, and reason.

Subprocessors

Supabase (hosting + DB + auth + storage), Vercel (application hosting), Stripe (billing). Full list maintained and reviewed.