Security
Last updated 24 June 2026 · Version 0.1 (draft)
Current build vs target
The app you are using today stores records locally in your browser on your own device. Nothing is transmitted to a PatchProof server. This is private by design but device-bound: clearing the browser removes the data, so export regularly.
The production architecture below is being rolled out as accounts and sync are enabled.
Where data lives
- Database and file storage: Supabase, EU region (Ireland).
- Website hosting and CDN: Netlify.
- Payments: Stripe (we never store card numbers).
How it is protected
- Encryption in transit (HTTPS/TLS) everywhere.
- Encryption at rest on the database and file storage.
- Per-practitioner isolation enforced at the database level (row-level security), so one account cannot read another's records.
- Passwordless login via email magic links, reducing password-related risk.
- Least-privilege access for our team; production access is restricted and logged.
Record integrity
Patch-test responses are timestamped and fingerprinted (SHA-256) and photos carry a capture-freshness check, so the audit trail is tamper-evident — that is the point of the product.
Retention
Records are retained for 7 years by default to support insurance and claims, then deleted. You can request earlier erasure subject to the Privacy Policy.
Sub-processors
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database & storage | EU (Ireland) |
| Netlify | Hosting/CDN | EU edge |
| Stripe | Payments | UK/EU |
| Twilio | WhatsApp reminders | UK/EU |
| Sentry | Error monitoring | EU |
Breach response
If a personal-data breach occurs we will assess it without undue delay, notify the ICO within 72 hours where required, and inform affected users where there is a high risk to their rights. Report a suspected vulnerability to [security@patchproof.co.uk].