We are committed to security, compliance, and transparency. This page provides information about our certifications, controls, and resources.
Controls
Unique account authentication enforced
The company enforces unique, per-person accounts across systems and applications. Application users authenticate through Supabase Auth, which issues JWTs and supports OAuth (Google, Facebook) and magic-link sign-in with automatic token refresh; infrastructure access uses individually authorized Secure Shell (SSH) keys.
Access control procedures established
The company's access control policy documents the requirements for the following access control functions: adding new users; modifying users; and/or removing an existing user's access.
Remote access encrypted enforced
The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.
Authentication mechanisms enforced
Supabase Auth handles user authentication at every access point: sessions are carried as JWTs, sign-in is via OAuth (Google, Facebook) or magic link, and access tokens are refreshed automatically before they expire.
Role-based access control (RBAC) implemented
Four distinct roles (amical, residence, resident, operator) are enforced through route guards that refuse navigation to routes outside the caller's assigned role and prevent a user from escalating to a higher-privileged role.
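Route guards decide what the front end renders; a request that skips the front end (a crafted call with a valid JWT) is only limited by what the database enforces. The following is an added example, not the project's own code, of the server-side counterpart to those guards: Row Level Security policies keyed on the role claim. It assumes a public.residences table, the four role names from this page, an illustrative mapping of roles to permissions, and that the role is stored in the JWT's app_metadata (writable only by the service role), never in user_metadata, which the user can edit.

```sql
-- Added example: server-side RBAC for the four roles via Row Level Security.
-- Assumed table; column names are illustrative.
CREATE TABLE IF NOT EXISTS public.residences (
  id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  name       text NOT NULL,
  manager_id uuid NOT NULL REFERENCES auth.users (id)
);

ALTER TABLE public.residences ENABLE ROW LEVEL SECURITY;

-- Read the role from a claim the client cannot rewrite (app_metadata is set
-- only with the service role key). A user CAN change user_metadata through
-- auth.updateUser(), so a role stored there is a self-service escalation.
CREATE OR REPLACE FUNCTION public.jwt_role()
RETURNS text
LANGUAGE sql
STABLE
SET search_path = ''
AS $$
  SELECT COALESCE(auth.jwt() -> 'app_metadata' ->> 'role', 'anonymous');
$$;

-- operator (assumed meaning): full access to every residence.
CREATE POLICY residences_operator ON public.residences
  FOR ALL TO authenticated
  USING (public.jwt_role() = 'operator')
  WITH CHECK (public.jwt_role() = 'operator');

-- residence (assumed meaning): may manage only the row it manages.
-- WITH CHECK stops an UPDATE that would hand the row to someone else.
CREATE POLICY residences_residence_own ON public.residences
  FOR ALL TO authenticated
  USING (public.jwt_role() = 'residence' AND manager_id = auth.uid())
  WITH CHECK (public.jwt_role() = 'residence' AND manager_id = auth.uid());

-- resident and amical (assumed meaning): read-only.
CREATE POLICY residences_read ON public.residences
  FOR SELECT TO authenticated
  USING (public.jwt_role() IN ('resident', 'amical'));
```

The check a practitioner wants here is a negative one: sign in as a resident, call the REST endpoint directly with that user's access token, and confirm that an INSERT or UPDATE on residences is rejected regardless of what the route guard would have shown. Because policies are permissive and ORed together, every role's capabilities must be stated explicitly; a role with no matching policy sees nothing, which is the safe default.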
PostgreSQL search_path hardened
Critical database functions are declared with SET search_path = '' so that every object they reference must be schema-qualified. This prevents search path injection, in which a caller plants a same-named object in a schema that PostgreSQL searches before the intended one and a SECURITY DEFINER function resolves to the attacker's object with the owner's privileges.
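The attack and the fix, as an added example that is not the project's own code. It assumes a public.profiles table holding each user's role and a caller who can create objects in a schema of their own; the fixed UUID and schema name are placeholders.

```sql
-- Added example: search_path injection against a SECURITY DEFINER function,
-- then the hardened form. Assumed table; the UUID is a placeholder.
CREATE TABLE IF NOT EXISTS public.profiles (id uuid PRIMARY KEY, role text NOT NULL);
INSERT INTO public.profiles VALUES ('00000000-0000-0000-0000-000000000001', 'resident')
  ON CONFLICT DO NOTHING;

-- 1. Vulnerable: runs as its owner, but "profiles" is resolved through the
--    CALLER's search_path each time the function executes.
CREATE OR REPLACE FUNCTION public.is_operator_unsafe(uid uuid)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
AS $$
BEGIN
  RETURN EXISTS (SELECT 1 FROM profiles WHERE id = uid AND role = 'operator');
END;
$$;

-- 2. Attack: plant a same-named relation in a schema the caller controls,
--    put it ahead of public, and the definer-privileged function reads it.
CREATE SCHEMA IF NOT EXISTS attacker;            -- placeholder schema name
CREATE TABLE attacker.profiles (id uuid, role text);
INSERT INTO attacker.profiles VALUES ('00000000-0000-0000-0000-000000000001', 'operator');
SET search_path = attacker, public;
SELECT public.is_operator_unsafe('00000000-0000-0000-0000-000000000001');
-- true: the "resident" is reported as an operator.

-- 3. Hardened: pin search_path to '' and schema-qualify every reference.
--    With an empty path, unqualified operators such as = are found only in
--    pg_catalog, so operator hijacking is closed at the same time.
CREATE OR REPLACE FUNCTION public.is_operator(uid uuid)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = ''
AS $$
BEGIN
  RETURN EXISTS (SELECT 1 FROM public.profiles WHERE id = uid AND role = 'operator');
END;
$$;

SET search_path = attacker, public;               -- the attacker's path is now irrelevant
SELECT public.is_operator('00000000-0000-0000-0000-000000000001');
-- false: only public.profiles is consulted.

-- Limit who may call the definer function at all.
REVOKE ALL ON FUNCTION public.is_operator(uuid) FROM public;
GRANT EXECUTE ON FUNCTION public.is_operator(uuid) TO authenticated;
```

One caveat that makes the schema qualification mandatory rather than optional: even with search_path = '', PostgreSQL still searches the session's temporary schema (pg_temp) for unqualified relation names, and any role with the TEMP privilege can create a temporary table. An unqualified table name inside a pinned function is therefore still hijackable; a qualified one is not. Supabase's database linter flags functions whose search_path is left mutable, which is a convenient way to audit that every SECURITY DEFINER function on the project has this setting.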
Encryption at rest enforced
All stored data is encrypted at rest using Supabase's default AES-256 encryption.
Encryption in transit enforced
All client-server traffic is protected with TLS (HTTPS); no unencrypted endpoint is exposed.
Database connection pooling configured
PgBouncer is configured with a pool of 20 server connections (its default_pool_size, applied per user/database pair) and a ceiling of 100 client connections (max_client_conn), so bursts of application connections are queued at the pooler rather than exhausting PostgreSQL's own connection limit.
Database indexing optimized
Single-column and composite B-tree indexes, partial indexes, and GIN indexes (for array, JSONB and full-text search columns) are maintained on all primary tables to keep query performance stable at scale.
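One index of each kind named above, with the query shape each one serves, as an added example rather than the project's own schema; the tickets table and its columns are assumed for illustration.

```sql
-- Added example: one index of each kind, annotated with the query it serves.
-- Assumed table; columns are illustrative.
CREATE TABLE IF NOT EXISTS public.tickets (
  id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  residence_id bigint      NOT NULL,
  status       text        NOT NULL,
  created_at   timestamptz NOT NULL DEFAULT now(),
  tags         text[]      NOT NULL DEFAULT '{}',
  payload      jsonb       NOT NULL DEFAULT '{}'
);

-- Single-column B-tree: equality and range lookups on one column.
--   SELECT ... WHERE residence_id = $1
CREATE INDEX IF NOT EXISTS tickets_residence_idx
  ON public.tickets (residence_id);

-- Composite B-tree: equality on the leading column plus ordering on the
-- second, so "latest N for a residence" is an index scan with no sort.
--   SELECT ... WHERE residence_id = $1 ORDER BY created_at DESC LIMIT 20
CREATE INDEX IF NOT EXISTS tickets_residence_created_idx
  ON public.tickets (residence_id, created_at DESC);

-- Partial B-tree: only the hot subset is indexed, so the index stays small
-- and is used only when the predicate appears in the query.
--   SELECT ... WHERE residence_id = $1 AND status = 'open'
CREATE INDEX IF NOT EXISTS tickets_open_idx
  ON public.tickets (residence_id)
  WHERE status = 'open';

-- GIN: containment queries on array and jsonb columns.
--   SELECT ... WHERE tags @> ARRAY['urgent']
--   SELECT ... WHERE payload @> '{"source": "app"}'
-- jsonb_path_ops is smaller than the default opclass but supports only @>.
CREATE INDEX IF NOT EXISTS tickets_tags_gin
  ON public.tickets USING gin (tags);
CREATE INDEX IF NOT EXISTS tickets_payload_gin
  ON public.tickets USING gin (payload jsonb_path_ops);

-- Verify the planner actually chooses the index before relying on it.
EXPLAIN (ANALYZE, BUFFERS)
SELECT id FROM public.tickets
WHERE residence_id = 42 AND status = 'open';
```

The EXPLAIN at the end is the check worth keeping in a migration review: an index that the planner never picks (because the predicate does not match the partial index's WHERE clause, or the composite index's leading column is absent from the query) costs write amplification without returning anything.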