Security

IT Trackr is hosted on Vercel (application layer) and Supabase (database, authentication, and file storage). Supabase runs on AWS infrastructure in EU regions, ensuring your data stays within the European Economic Area.

User authentication is handled by Supabase Auth with bcrypt password hashing. We support two-factor authentication (TOTP) for additional account security.

Row-level security (RLS) policies are enforced at the database level, ensuring that each user can only access data belonging to their organisation — even if application-level checks were bypassed.

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored in the database and file storage is encrypted at rest using AES-256.

Documents uploaded to IT Trackr (receipts, warranty documents) are stored in private Supabase Storage buckets. Files are not publicly accessible and require authentication to retrieve.

The database is backed up daily with point-in-time recovery available. Backups are stored in geographically separate locations. In the event of data loss, we can restore to any point within the retention window.

If you discover a security vulnerability in IT Trackr, please report it responsibly to security@ittrackr.com. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

We take all security reports seriously and aim to respond within 48 hours.

For any security-related questions, contact us at security@ittrackr.com.