Supabase
Authentication, PostgreSQL database, and file storage
Operating and account data; production database region EU Central (Frankfurt, Germany).
Security & trust
Provamar's primary production database and customer-file storage are hosted by Supabase in EU Central (Frankfurt, Germany), and application functions are configured to run in Vercel's Frankfurt region. Supabase is SOC 2 Type 2 compliant and ISO/IEC 27001:2022 certified; Vercel maintains a SOC 2 Type 2 attestation. These are controls and certifications of our service providers — they do not make Provamar certified. Application delivery, logs, notifications, billing, and optional AI processing may involve other locations under each provider's terms.
Production records are stored in a managed Supabase PostgreSQL project in EU Central (Frankfurt, Germany).
The website and application are deployed on Vercel. Traffic between your browser and Provamar uses HTTPS/TLS.
Database row-level security and organisation-scoped server actions restrict records to the organisation and role attached to the signed-in user.
Internal administration is role-gated. Sensitive support changes require a reason and are written to a tamper-evident audit trail; Provamar does not provide broad unaudited impersonation.
AI-assisted features send only the context needed for the requested task to the configured provider. AI-derived fields are identified, and operators remain responsible for reviewing them.
You can export records and request account deletion. Eligible data is erased after verification and a grace period; records subject to retention requirements may be retained or anonymised as described in the Privacy Policy.
The Privacy Policy explains the categories of data and processing. We update the public provider list when a core provider changes.
Authentication, PostgreSQL database, and file storage
Operating and account data; production database region EU Central (Frankfurt, Germany).
Website, application delivery, and serverless execution
Requests, application logs, and the data needed to execute each request.
AI-assisted extraction, summaries, and drafts
Anthropic receives relevant content only when an AI-assisted feature is invoked. AI output is decision-support and must be reviewed.
Report it privately so we can review and acknowledge it — machine-readable contact details live at /.well-known/security.txt or email us directly at todamoonbro@gmail.com.
Full terms, privacy policy, and disclaimer: Terms · Privacy · Disclaimer