Infrastructure
- Application hosting on Vercel with environment variables stored in the encrypted secret store.
- Primary database and storage on Supabase (Postgres + Storage) with row-level security policies.
- Automated daily backups plus manual snapshots prior to each production deploy.
- All traffic served over HTTPS; Supabase/Postgres connections use TLS.
Operational Practices
- Single maintainer access secured with MFA on GitHub, Vercel, and Supabase accounts.
- Manual log reviews (Supabase Observability + Vercel logs) after deploys and during daily check-ins.
- Documented deployment & rollback playbook — see Maintenance Checklist.
- Feature changes deployed through staging first; smoke tests run before and after prod releases.
Data Handling
- User content is only used to power workspace features (dashboards, exports, summaries).
- Access limited to workspace members; operational access restricted to maintenance tasks.
- Deletion requests honoured by removing active records and letting backups expire in their normal rotation.
- Email support channel (hello@drovedia.com) for export or purge requests.
Upcoming Improvements
- Automated alerting integrations when traffic/errors spike.
- Audit logging & change history enhancements within the app.
- Periodic third-party security review as the user base grows.
Questions
Need more detail? Reach out at hello@drovedia.com and we’ll respond within two business days.