Security

Authentication

Tend uses Supabase Auth for user authentication. Passwords are hashed and salted by Supabase using bcrypt. Session tokens are stored in secure, HTTP-only cookies.

Data storage

Your home data is stored in a PostgreSQL database managed by Supabase. Row-level security policies ensure that users can only read and write their own data — your records are not accessible to other users.

File storage

Documents and photos are stored in Supabase Storage. Access is controlled by row-level security policies scoped to your account. Files are stored in the region where Supabase provisions storage.

Payments

Payments are processed by Stripe. Tend never handles or stores raw card numbers. Stripe is a PCI DSS Level 1 certified payment processor. Your billing information is stored and managed entirely by Stripe.

Transport security

All connections to Tend are served over HTTPS. We do not serve any content over unencrypted HTTP.

Infrastructure

Tend is hosted on Vercel. The database and file storage are managed by Supabase. Both platforms handle physical security, patching, and availability. We do not manage our own servers.

Account deletion

You can delete your account from your settings at any time. Account deletion removes your profile, all home data, documents, and your Stripe subscription. This action is irreversible.