Security briefing

This briefing summarises the technical controls Grewp applies across Supabase, logging, and user management. Use it when answering security questionnaires or onboarding stakeholders.

Highlights

Row-level security with owner checks on groups, events, and RSVPs
pgcrypto applied to supporter details and sensitive attachments
Admin MFA enforced using Supabase Auth with quarterly audits
EU observability providers with 30-day retention defaults
Signed data processing agreement before adding external collaborators

Need deeper documentation?

See the accompanying Security & GDPR hub for templates, DPIA guidance, and contact details.