Security And Privacy Overview

A practical summary of the controls AlliedSpace uses to protect client workflows.

Encryption style

AlliedSpace uses managed hosting and storage providers that encrypt traffic in transit with HTTPS/TLS and encrypt stored data at the platform layer. Uploaded documents are kept in private Supabase Storage, not public static assets.

Authentication and access control

The app uses Supabase Auth, required authenticator MFA for workspace users, a 30-minute idle sign-out, organisation-scoped data, database-level Row Level Security, and server/database access helpers. Practitioners are limited by role and client assignment, while organisation admins have broader access inside their organisation.

Documents

Uploaded documents are stored privately and accessed through app-mediated download routes. Sensitive documents are not public static assets.

Activity logs

Important workflows create activity log events. Client workspace views and document preview/downloads create safe access events with actor, organisation, client, document ID where relevant, action, timestamp, and mode. Log metadata avoids document names, case notes, AI prompts, and file contents.

Backups and recovery

Supabase provides database backups for the Sydney project. Uploaded document objects are backed up separately to private Cloudflare R2 according to the document backup process. Current recovery coverage is documented through the database backup, document backup, and restore-drill runbooks.

Subprocessors and AI

Current subprocessors include Supabase, Vercel, Resend for email delivery, Stripe for subscription billing, Cloudflare, OpenAI for optional voice transcription and AI SOAP drafting, and Google Sheets for provider contact and mailing-list management. Voice transcription sends temporary audio for speech-to-text conversion, while AI drafting sends prepared case-note content and limited session context for the SOAP workflow. These workflows use rate limits, human review, and subprocessor records documented for the current app.

Monitoring and abuse controls

Sensitive and expensive workflows use rate limits. Client error reporting is same-origin checked, size-limited, rate-limited, and scrubbed before operational review.

Ongoing review

Security and privacy controls are reviewed as the platform changes. AlliedSpace keeps internal evidence records and review tasks so public trust claims stay tied to current app behaviour.

Support contact

For support, privacy, security, or walkthrough enquiries, contact support@alliedspace.com.au.