Security

Protecting your data is fundamental to how we build and operate PitWorks. Here is an overview of the measures we have in place.

Infrastructure

PitWorks is hosted on premium cloud infrastructure with encryption for data at rest and in transit. Our database partner Supabase provides automated backups, point-in-time recovery, and network isolation.

Authentication

User authentication is handled through Supabase Auth, supporting email and password login. Passwords are hashed using modern standards, and session management uses secure, HTTP-only cookies.

Access Control

PitWorks implements role-based permissions (Owner and Technician) enforced at both the application and database layers. Row-level security policies prevent users from accessing data outside their workshop.

Data Isolation

Each workshop's data is logically isolated at the database level. All queries are automatically scoped to the authenticated user's workshop, ensuring complete tenant separation.

Encryption

All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. API credentials and integration tokens are stored securely and are never exposed to front-end code.

Third-Party Integrations

Connections to external services such as Xero, Google Drive, OneDrive, and Dropbox use OAuth 2.0. We never store third-party passwords. Integration tokens are encrypted at rest and can be revoked by the user at any time.

Vulnerability Reporting

If you discover a security concern, please contact us at jarred@jetworks.ai. We take all reports seriously and will respond promptly.