Security and privacy

Built for sensitive supervised-visitation operations

Visit Bridge uses role-based access, tenant-aware database policies, audit logging, and operational release checks for organizations that manage child, family, court, and supervisor records.

Tenant isolation

Supabase Auth, company memberships, role checks, and row-level security policies isolate company data.

Audit trail

Sensitive actions write audit events through a database RPC that derives actor identity from the authenticated session.

Attachment handling

Uploads are private, company-scoped, extension/MIME-validated, content-sniffed, and served through short-lived signed URLs.

Operational readiness

Release gates include linting, typechecking, unit tests, coverage, production builds, e2e smoke tests, and a health endpoint.

Buyer review packet

Privacy, retention, support access, backup, deployment, and incident response documents are maintained in the release packet and should be reviewed with counsel and customer stakeholders before processing real production records.