UpScale.buildYour project data is protected
UpScale.build handles sensitive financial data for property developments. We take security seriously — here's exactly how we protect your information.
Encryption at rest and in transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database connections use SSL certificates. No data travels unencrypted.
Complete data isolation
Every organisation's data is fully isolated through PostgreSQL Row-Level Security (RLS) policies. One organisation cannot access another's data — this is enforced at the database level, not the application level.
Role-based access control
Admins control who can access what. Team members see only the projects they're assigned to. The Client Portal provides read-only access for external stakeholders without requiring an account.
Secure authentication
Authentication is handled by Supabase Auth with bcrypt password hashing, JWT tokens, and configurable session policies. Password reset flows use time-limited, single-use tokens.
Australian data residency
Application infrastructure runs on Vercel's Sydney edge network. Database and authentication services are hosted by Supabase. Your project financials stay in Australian jurisdiction.
No third-party data sharing
We do not sell, share, or provide your data to third parties. Your project data is used solely to provide the UpScale.build service. We do not use your data for AI training.
Security headers and HTTPS
All pages are served over HTTPS with HSTS preloading. Security headers include Content-Type-Options, Frame-Options, Referrer-Policy, and Permissions-Policy enforcement.
Automated backups
Database backups are performed automatically by Supabase with point-in-time recovery. Backups are encrypted and stored separately from production data.
Questions about security?
Contact us at hello@upscale.build — we're happy to discuss our security practices in detail.