Specific facts about where your trail book lives, how it's encrypted in transit and at rest, and how each organisation's records are isolated from every other.
Below are the architectural facts behind that. We don't claim certifications we don't hold, and we don't use phrases like "enterprise-grade" or "bank-level". If something here is unclear or you want documentation for a procurement review, email us — contact below.
TrailScope runs on Supabase (managed Postgres) hosted on AWS. The project is region-pinned to AWS Sydney — ap-southeast-2 — so trail data, backups and Edge Function execution all stay in Australia.
All connections to the application and database use TLS 1.2 or higher. Database storage is encrypted at rest with AES-256 via AWS-managed keys.
Every table that holds organisation-scoped data has Postgres Row Level Security enabled. The shared is_org_member() function gates every read and write — a query made by user A cannot return rows belonging to organisation B.
Sign-in is handled by Supabase Auth using email + password or Google / Microsoft OAuth. Within an organisation, members hold one of three roles: ADMIN, BROKER, VIEWER. Settings, member management, billing changes and account deletion are gated to ADMIN both in the UI and in the SQL policies.
Card numbers, expiry dates and CVCs never touch our servers. Subscriptions, card entry, plan changes and invoice history are all handled inside Stripe Checkout and the Stripe Customer Portal — TrailScope only stores a Stripe customer ID and the current plan / status.
Organisations on a paid plan can bring their own Anthropic, OpenAI or Gemini API key. Keys are stored with Postgres column-level grants so the authenticated role literally cannot SELECT the api_key column — the RPC that reads it runs as service-role inside an Edge Function, and only the last four characters are ever sent to the browser.
Email security@trailscope.com.au. We read every report. Please include reproduction steps and don't run automated scans against the production environment.
Email security team