Access control
Every request is authenticated through Supabase SSR sessions. Protected routes enforce auth middleware. Row Level Security policies on PostgreSQL ensure tenant data isolation at the database layer.
How Bidzo protects your data through access control, encryption, audit logging, and secure development practices.
All traffic is encrypted in transit via TLS. Sensitive credentials and tokens are encrypted at rest. OAuth tokens for third-party integrations use encrypted storage with scoped access.
All significant actions are recorded in an append-only audit log with actor identity, timestamp, before/after state, and target reference. Audit records cannot be modified or deleted.
Bidzo aligns its development practices with the OWASP Top 10. XSS protections, input validation, CSRF prevention, and open redirect fixes are built into the development workflow. TypeScript strict mode is enforced across the codebase.
Dependencies are audited regularly. Known vulnerabilities are patched promptly. The build pipeline validates TypeScript compilation and lint rules before deployment.
Reach our DPO at [email protected] or talk to a founder. Transparency is operating discipline, not a marketing line.