Built defensively. Audited often.

How Druma protects your fleet data, your drivers' personal data, and your carrier relationships — without overselling.

Multi-tenant isolation (RLS)

Every table that holds tenant data is protected by Postgres row-level security policies scoped to user_company_ids(). No application-layer filtering — the database itself refuses cross-company reads. Audited end-to-end with a dedicated 30-test isolation suite.

EU data residency

All data — Postgres, storage, and Edge Functions — is hosted by Supabase in the EU. No transatlantic transfer for operational data. Resend (transactional email) is the one US sub-processor under SCCs and is being migrated to an EU-only provider.

JWT + role-based access

Every Edge Function validates the caller's JWT, looks up roles via SECURITY DEFINER RPCs, and enforces company membership. Cron jobs use a separate CRON_SECRET. Webhooks verify HMAC-SHA256 signatures. Generic error responses — no internal detail leaked.

AI: Vertex AI Enterprise (EU)

Smart Import, inbound invoice ingestion, and Ask Druma all use Gemini via Vertex AI Enterprise in europe-west1. Enterprise terms guarantee customer data is never used for model training. AI Disclosure publicly available.

Audit logging

Every state change on orders, invoices, fleet documents, and admin actions is recorded in audit_log with the caller's identity, timestamp, and old/new values. Forwardable to your SIEM if needed.

Error monitoring

Production runtime errors flow through Sentry. Suspicious upload patterns, signup rate limits, and security-sensitive Edge Function failures land in alerts. No tracking pixels — Druma's marketing site explicitly does not run analytics.

Optional 2FA + idle timeout

Per-company TOTP enforcement, configurable session idle timeout (with a 2-minute warning banner before logout), and signup rate limiting. Carrier portal tokens auto-expire after 30 days.

Storage hardening

Every storage bucket has explicit file_size_limit + allowed_mime_types at the database level, plus company-scoped RLS using path-prefix UUID matching. Client-side and server-side MIME validation on every upload helper.

Hardened deploys

Migrations and Edge Functions auto-deploy from main via GitHub Actions — no manual production access. PR validation gates (tsc, vitest, build, i18n lint) must pass before merge. Three full-stack security audits completed by April 2026.

Procurement-ready paperwork

Druma's Data Processing Agreement, Privacy Notice, sub-processor list, and AI Disclosure are publicly available — no NDA required to read what we do with your data.

// SECURITY POSTURE

HOSTING: Supabase EU (Postgres + Storage + EFs)

ISOLATION: Row-level security per company

ENCRYPTION: TLS 1.3 in transit · Supabase-managed at rest

AUTH: JWT (Supabase Auth) · TOTP optional · OAuth Google/Microsoft

AI: Vertex AI Enterprise · europe-west1 · no training opt-in

AUDITS: 3 full-stack passes · April 2026

SOC 2: Type II planned · not yet certified

STATUS: AUDITED, NOT CERTIFIED