Infrastructure Security
SOC 2 Type II Certified Infrastructure
Hosted on Supabase's SOC 2 Type II audited cloud platform
AES-256 Encryption at Rest
All claim data encrypted at the database level
TLS 1.2+ In Transit
Every connection encrypted end-to-end
Automated Daily Backups
Point-in-time recovery across all environments
24/7 Infrastructure Monitoring
Platform-level monitoring by Supabase's operations team
Application Security
Row Level Security on Every Table
Database-enforced tenant isolation — not application-level, database-level
Edge Function Isolation
Each API endpoint runs in its own sandboxed Deno runtime. No shared server state.
Deny-by-Default Access Control
Employer, admin, and service roles with explicit permission grants
Zero Client-Side PII
All sensitive data stays server-side. Widgets are display-only.
Full Claim Audit Trail
Every action on every claim logged from day one. Tamper-evident event chain.
Reimbursa handles government workforce funding data. We architect for that responsibility.