Data residency
All customer data is stored on Supabase infrastructure in the EU-Central-1 (Frankfurt) region. Data does not leave the European Economic Area at rest or in transit between Ripazo systems. Cross-region replication for backups stays within the same EU region. Media uploads (photos, documents) are stored in Supabase Storage buckets pinned to the same region, so a single GDPR data-residency commitment applies to your entire account.
Encryption
Data is encrypted in transit using TLS 1.3, with the Strict-Transport-Security (HSTS) header set and HSTS preloading. Data at rest is encrypted using AES-256. Uploaded media, including photos and documents, is stored with object-level encryption in Supabase Storage, with separate encryption keys per bucket. Internal traffic between application services and the database is encrypted on the Supabase network. We do not maintain any unencrypted copies of production data on developer laptops or local environments.
Access controls
Property data is accessible only to users explicitly invited by the property owner. Ripazo enforces row-level security at the database layer, which means no Ripazo employee can read your property data without an explicit, logged support request and your explicit consent. There are no public property profiles, no search indexes, and no third-party advertising integrations. Employee access to production systems is limited to a named on-call rotation, gated behind single sign-on with hardware-key 2FA, and every privileged action is written to an append-only audit log.
Authentication
Accounts use passwordless email-link authentication backed by Supabase Auth. Sessions are stored in HTTP-only, secure, same-site cookies with appropriate expiry, and the underlying JWTs are signed with keys held by Supabase, not by Ripazo application code. Two-factor authentication is on the roadmap for the second half of 2026, beginning with TOTP and adding WebAuthn shortly after. Account recovery routes through the same email-link flow with rate limiting to prevent enumeration, and we never disclose whether a given email address has an account in any public response. Suspicious authentication patterns trigger automatic step-up challenges and security notifications to the affected account.
Data portability and deletion
Account holders may export all associated data at any time from account settings. Deletion is initiated from the same screen and removes all personal data within 30 days, in accordance with GDPR Article 17. Anonymised, aggregated analytics may be retained for service health monitoring. Backup copies of deleted accounts age out within the standard backup retention window, after which no copy of your data remains on Ripazo systems. We also accept deletion requests by email at info@ripazo.com for users who have lost access to their account.
Backups and disaster recovery
Production databases are backed up continuously, with point-in-time recovery available for 7 days and full daily snapshots retained for 30 days. Backups are encrypted at rest in the same EU region as the primary database, and the encryption keys are managed separately from the backup blobs so that a compromise of one does not imply a compromise of the other. Disaster-recovery procedures are tested at least once per quarter, including a full restore to a clean environment, with a documented recovery time objective of four hours and a recovery point objective of fifteen minutes. Test results, including any deviations from the targets, are reviewed by engineering leadership and feed back into the runbook.
Incident response
Security incidents affecting customer data are disclosed to affected account holders without undue delay, and in any case within 72 hours of becoming known to us, in accordance with GDPR Article 33. Disclosure includes the nature of the incident, the data categories affected, the likely consequences, and the measures taken or proposed. Our incident response runbook is reviewed quarterly. Suspected vulnerabilities can be reported to info@ripazo.com; we acknowledge every report within one business day and publish a postmortem on confirmed incidents that affected customer data.





