Security.
How we protect your data, your team's access, and your operations.
Security is foundational to Babytuna Systems. We handle sensitive operational data — inventory levels, supplier relationships, team access — and we take that responsibility seriously. Below is a transparent overview of how we protect your information.
Data Encryption
All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
Data at rest is encrypted using the default encryption provided by our infrastructure provider (Supabase on AWS).
Voice ordering data is processed securely and not stored after transcription is complete.
Authentication
User authentication is handled by Supabase Auth, which supports email/password and magic link sign-in.
Team members access the system via organization-specific access codes, reducing the need for individual credentials in operational settings.
Session tokens are securely managed and expire after a configurable period of inactivity.
Access Control
Access is scoped to organizations. Users can only view and modify data within their own organization.
Role-based permissions (admin, manager, member) control what actions each team member can perform.
Organization administrators can create, revoke, and manage access codes for their team.
Operational Security
We follow the principle of least privilege for internal access to production systems.
Application dependencies are regularly updated to address known vulnerabilities.
We monitor for unauthorized access attempts and anomalous activity patterns.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it to us immediately.
Email security concerns to babytunalovessushi@gmail.com with the subject line "Security Vulnerability Report."
We will acknowledge receipt within 48 hours and work to address valid reports promptly.
We ask that you not publicly disclose vulnerabilities until we've had a reasonable opportunity to address them.
A note on certifications
Babytuna Systems is an early-stage product. We do not currently hold SOC 2, ISO 27001, or similar certifications. As we grow, we will pursue formal audits and certifications appropriate to our scale and customer requirements. In the meantime, we are committed to following security best practices and being transparent about our approach.