Security & privacy
Brook is built on Supabase with Row Level Security (RLS). We encrypt data in transit and at rest, and follow EU‑friendly practices.
Row Level Security
Supabase RLS protects your data
Encrypted
In transit and at rest
EU-ready
Built with GDPR in mind
Authentication & sessions
Supabase Auth with secure cookies and server‑side validation.
Row Level Security
Per‑user access policies enforced at the database level.
Encryption
TLS in transit; encrypted storage for data at rest.
Backups
Automated database backups; recovery validated during development.
Access control
Protected routes in middleware; least‑privilege service roles.
Data deletion
Account Settings allow deletion; cascades remove related records.
Data Deletion Policy
Users can delete their account in Account Settings. Deleting an account removes the associated dogs, litters, puppies, photos, and records. Backups may retain data for a limited retention period, after which it is purged.
Backup schedule & retention
- Daily automated database backups
- Rolling retention (e.g., 7–14 days) for recovery
- Periodic restore tests in development to validate recovery
Incident response
- Monitor error rates and unusual access patterns
- Triage by severity, with notifications to maintainers
- Post-incident review and action items to prevent recurrence