Legal · Patnick

Security & Compliance

Last updated: April 22, 2026 · Effective immediately on publication

Plain-English summary

Patnick is built on Supabase (Postgres) and Vercel, both with primary regions in the EU. Customer data is encrypted in transit (TLS 1.3) and at rest (AES-256) by our underlying providers. We follow least-privilege access internally and publish a clear path for reporting security issues.

Hosting and data residency

Application traffic is served from Vercel's edge network. Our primary database (Supabase / Postgres) and persistent storage are located in the European Union. Backups inherit the same residency.

Encryption

  • In transit: TLS 1.3 enforced on all customer-facing endpoints. HSTS is set on the production domain.
  • At rest: Storage is encrypted with AES-256 by our infrastructure providers (Supabase / Vercel).
  • Secrets: API keys, OAuth tokens, and webhook secrets are stored in environment variables and never written to source control.

Access control

Customer data is scoped per-account via Supabase Row Level Security (RLS). Internal admin access is restricted to a short list of named accounts and is auditable via Supabase logs. Service-role keys are only used server-side.

Data retention and deletion

You can request export or deletion of your data at any time by writing to legal@patnick.com. Confirmed deletion requests are completed within 30 days. See our Privacy Policy for the full data lifecycle.

Vulnerability disclosure

We welcome reports from independent researchers. Please email legal@patnick.com with the subject "Security report". Include reproduction steps, the affected URL or endpoint, and your preferred contact for follow-up. We aim to acknowledge reports within two business days. We do not currently run a paid bug bounty program.

Please do not perform testing that would degrade service for other users (DDoS, brute-force at scale, social engineering of staff). Test against accounts you own.

Subprocessors

A current list of subprocessors is available on request. Core infrastructure today: Supabase (database, auth, storage), Vercel (hosting), Stripe (payments), Anthropic and OpenAI (LLM features), and transactional email providers as needed.

Questions about this policy?

Contact us at legal@patnick.com. We read every email and reply within 2 business days.