WristBook
Security

How we protect your data

WristBook runs on cloud infrastructure trusted by enterprise teams, with row-level security enforced at the database for every single query. Here's exactly how it works — no vague “enterprise-grade” claims, just specifics.

Encryption

In transit: Every request — sign-in, data read, photo upload, outreach — uses TLS 1.3 over HTTPS. Forced by Vercel at the edge; we never serve plaintext HTTP.

At rest: Your database is encrypted with AES-256 via Supabase's managed Postgres on AWS RDS, which uses AWS KMS for key management.

Photos: Watch photos stored in Supabase Storage are encrypted at rest with AES-256. Their URLs use unguessable UUID paths.

Backups: Automated database backups are encrypted at rest and stored in a separate AWS region.

Infrastructure

Application hosting: Vercel (SOC 2 Type II, ISO 27001). Edge network with automatic TLS certificate provisioning and DDoS protection.

Database, auth, storage: Supabase (SOC 2 Type II, HIPAA-compatible plans available). Built on AWS, hosted in the US-East region by default.

Daily backups: Automated by Supabase with 7-day point-in-time recovery on standard plans (extended on paid tiers).

Uptime monitoring: Both Vercel and Supabase maintain public status pages. We monitor both and respond to incidents within 24 hours.

Data isolation

This is the part most CRMs gloss over with the words “multi-tenant.” Here's what we actually do:

Row-level security enforced by Postgres. Every table holding dealership data has policies that filter rows by your dealership membership. The policies run on every SELECT, INSERT, UPDATE, and DELETE, so no code path in our application can return another dealership's data, even if our application code had a bug.

Membership lookups, not user matching. Data is scoped to your dealership, not your user account. When you invite a teammate, they see the same buyers and inventory you do — and only those.

Audited at the schema level. Every migration that adds a new table also adds the matching RLS policies — every policy is part of the auditable schema history.
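As an added illustration of the membership-scoped RLS pattern described above (not WristBook's own schema or policies), here is what it looks like in Supabase Postgres. Table and column names are assumed; auth.uid(), auth.users and the authenticated role are Supabase built-ins. A single FOR ALL policy covers the four commands listed above.

```sql
-- Added illustrative schema, not WristBook's own code. Table and column
-- names (dealerships, dealership_members, buyers) are assumed; auth.uid()
-- and auth.users are Supabase's built-in helpers for the signed-in user.
create table dealerships (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

-- Membership: which signed-in users belong to which dealership.
create table dealership_members (
  dealership_id uuid not null references dealerships(id) on delete cascade,
  user_id       uuid not null references auth.users(id) on delete cascade,
  primary key (dealership_id, user_id)
);

create table buyers (
  id            uuid primary key default gen_random_uuid(),
  dealership_id uuid not null references dealerships(id) on delete cascade,
  full_name     text not null,
  notes         text
);

-- The caller's dealerships. security definer lets the function read the
-- membership table even when that table is itself locked down by RLS;
-- a pinned search_path prevents resolving names through a hostile schema.
create or replace function my_dealership_ids()
returns setof uuid
language sql stable security definer
set search_path = public
as $$
  select dealership_id from dealership_members where user_id = auth.uid();
$$;

-- Once enabled, RLS is deny-by-default: rows are invisible until a policy
-- grants them. No policy is granted to the anonymous role here.
alter table buyers enable row level security;

-- One policy for SELECT, INSERT, UPDATE and DELETE. USING filters rows that
-- can be read, updated or deleted; WITH CHECK rejects inserted or updated
-- rows that would land in a dealership the caller is not a member of.
create policy buyers_dealership_isolation on buyers
  for all to authenticated
  using      (dealership_id in (select my_dealership_ids()))
  with check (dealership_id in (select my_dealership_ids()));

-- Caveat: table owners, superusers and roles with BYPASSRLS (in Supabase,
-- the service_role key) skip these policies; user-facing queries must run
-- as the authenticated role for the isolation to hold.
```

A quick check after applying this: connect as two users in different dealerships and run `select count(*) from buyers`; each should see only their own dealership's rows, and an INSERT with a foreign dealership_id should fail the WITH CHECK clause.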

Authentication & access

Password-based sign-in via Supabase Auth. Passwords are hashed with bcrypt and never reach our application logs.

Session cookies: HttpOnly, Secure, and SameSite. JWTs rotate automatically.

Team roles: Owner, Admin, and Member labels with planned role-based enforcement (currently all team members have equal access within their dealership).

MFA: Two-factor authentication via TOTP/authenticator apps is on our roadmap and will be available in Settings within 30 days of this writing.

What we don't do

We don't sell your data. Ever. To anyone.

We don't share your data with third parties beyond the subprocessors listed below — and those are operationally necessary (hosting, database, etc.), not commercial.

We don't read your buyer notes, wishlists, or outreach messages. Our team has no access to your production data except for the database administrator on the WristBook side (currently the founder), who only accesses it for support requests you initiate.

We don't train AI models on your data. The AI watch recognition feature sends individual uploaded photos to Anthropic's commercial API, which contractually does not retain or train on inputs.

Subprocessors

Third-party services we use to operate WristBook. Each is independently certified and named in our DPA, which is available on request.

Vendor      | Purpose                                   | Location
Vercel      | Application hosting                       | US
Supabase    | Database, auth, file storage              | US (AWS)
Anthropic   | AI watch recognition (optional feature)   | US
Adobe Fonts | Typeface delivery                         | US

Compliance

GDPR: We support the rights afforded under GDPR — access, export, rectification, erasure, and data portability. EU users can exercise these rights by emailing us.

CCPA / state privacy laws: Same rights extended to California residents and residents of other US states with comparable privacy laws (Colorado, Virginia, Connecticut, Utah).

Underlying infrastructure: Our hosting and database providers (Vercel + Supabase) maintain SOC 2 Type II certifications. Reports available from them directly.

Application-level SOC 2: Not currently certified — this is a stage-appropriate gap for an early-stage SaaS, and on our roadmap for when we reach scale. We'd rather tell you the truth than claim a certification we don't have.

Your data, your control

Export: Email us and we'll deliver a full export of your dealership's buyers, inventory, wishlists, deals, and matches in CSV or JSON within 7 days. Self-serve export is on our roadmap.

Deletion: Account deletion is permanent and irreversible. Email us and we'll fully remove your dealership's data — including from backups within 30 days, per our retention policy.

Portability: Your buyer list, inventory, and deal history belong to you. If you ever leave, you take it with you — no lock-in, no fees.

Reporting a security issue

Found a vulnerability? Concerned about your data? Reach out to us directly. We acknowledge security reports within 48 hours and treat them with priority.

security@wristbook.com
Last updated May 17, 2026 · This page is updated whenever our stack or policies change.