All About That Base, 'Bout That Base

We got the Supabase. And every other security trick in the book.

We Got Your Asses Covered

Will we ever get hacked? Not likely. There's always that one-in-a-million chance, but we've done everything humanly possible to make sure your data—user passwords, payment details, customer info—is locked down tighter than a duck's backside.

Multi-Tenancy Done Right

Supabase PostgreSQL with RLS

We use Supabase's PostgreSQL with Row Level Security (RLS) policies. This means your data is isolated at the database level—not just in application code. Even if someone somehow bypassed our API, they'd hit a brick wall at the database.

Organization Isolation

Every query is scoped to your org. You can't see anyone else's data. Period.

Role-Based Access

Staff see what they need to see. Managers see more. Owners see everything.

Encryption Everywhere

Data in Transit

Everything is encrypted with TLS 1.3. From your browser to our servers, from our servers to the database, from terminal to terminal in our P2P mesh.

TLS 1.3 + AES-256-GCM

Data at Rest

Supabase encrypts all data at rest using AES-256. Your database backups? Encrypted. Your file uploads? Encrypted. Even the logs are encrypted.

AES-256 encryption

Payment Data? We Don't Touch It

We integrate with Stripe, PayPal, Square, and SumUp. When you process a payment, the card details go straight to them—not through our servers. We never see, store, or handle your customers' payment information.

PCI DSS Compliance?

We don't need it because we don't handle card data. Our payment partners (Stripe, PayPal, etc.) are all PCI Level 1 certified. You get the compliance without the headache.

Authentication & Access Control

Hashed & Salted Passwords

We use bcrypt with a cost factor of 12. Your passwords are hashed and salted before they even hit the database. We couldn't read them if we wanted to.

JWT Tokens

Session tokens are signed JWTs with short expiration times. They're validated on every request and automatically refresh to keep you logged in securely.

Role-Based Permissions

Granular permissions at every level. Staff can't access admin functions. Managers can't see other locations. It's all locked down by role.

Infrastructure & Hosting

EU Data Centers

All data is stored on Supabase servers located in the European Union. GDPR compliant by default. Your data never leaves EU jurisdiction.

Automated Backups

Daily automated backups with point-in-time recovery. If something goes wrong, we can restore your data to any moment in the last 30 days.

Every Trick in the Book

SQL injection prevention (parameterized queries)

XSS protection (Content Security Policy)

CSRF tokens on all state-changing requests

Rate limiting to prevent brute force attacks

Input validation and sanitization

Secure session management

Regular dependency updates and security patches

Environment variable isolation

API key rotation and management

Audit logging for sensitive operations

The Honest Truth

Look, no system is 100% unhackable. Anyone who tells you otherwise is lying. But we've implemented every industry best practice, used battle-tested technologies, and designed our architecture with security as the foundation—not an afterthought.

We use the same security stack as companies handling billions in transactions. Supabase powers apps used by millions. PostgreSQL is trusted by banks. Our encryption is military-grade. Our authentication is rock-solid.

Your data is as safe with us as it would be anywhere else—and safer than most.

Security Questions?

If you have specific security concerns or need a detailed security audit, get in touch.

security@tablecore.app

TableCore Assistant

Online

Hi there! 👋 I'm your TableCore assistant. How can I help you today?