Security-first platform

Your event data, protected at every layer.

Security is not an afterthought at Signplanr. It is foundational to how we design, build, and operate the platform — from database queries to file uploads to user access.

Security principles

Defence in depth

Multiple independent layers of protection, so no single failure compromises your data.

Least privilege

Every user, API call, and system process gets only the access it needs — nothing more.

Secure by default

Security is built into every feature from day one, not bolted on later.

Transparency

Audit trails and clear access controls so you always know who did what.

Data protection

  • All data encrypted in transit (TLS) and at rest.
  • Database-level isolation between organisations — no shared data leakage.
  • Row-level security policies enforce access boundaries at the database layer itself.
  • File uploads validated beyond file extensions to prevent malicious content.
  • Strict size limits and type restrictions on all uploads.

Access control

  • Role-based access control: owner, admin, member, and contractor roles with distinct permissions.
  • Invitations are email-verified, time-limited, and revocable.
  • Contractors only see the events and signs they are authorised for.
  • Account deactivation takes effect immediately across all sessions.
  • Optional sign assignment mode restricts contractor visibility to only their assigned work.

Infrastructure & operations

  • Hosted on Vercel and Supabase — enterprise-grade cloud infrastructure.
  • HTTPS enforced on all connections.
  • Rate limiting protects against brute-force and abuse.
  • Automated monitoring detects anomalous activity.
  • Background jobs authenticated with dedicated credentials.
  • Webhook payloads cryptographically verified before processing.

Audit & accountability

  • Every significant action is logged with who, what, and when.
  • Audit trail accessible to organisation admins.
  • Sign edit history tracks field-level changes over time.
  • Photo uploads and status changes attributed to individual users.
  • Superadmin actions are logged and auditable.

Your controls

You stay in charge of who has access and what they can see.

Manage team access

Add, remove, and change roles for organisation members at any time.

Revoke invitations

Cancel pending invitations instantly.

Remove contractors

Revoke contractor access to specific events.

Control visibility

Choose whether contractors see all signs or only their assigned ones.

Security questions?

If you have specific security requirements or questions, we'd love to hear from you.