Security
Security at Prenuply
Prenuply handles sensitive personal and financial information, so security is a top priority. We use layered safeguards, trusted service providers, and restricted access to protect your data.
Data Encryption
Data transmitted to and from Prenuply is protected with TLS/SSL where supported. Application data stored with our database and storage provider is encrypted at rest using provider-managed controls.
Provider-Backed Infrastructure
Prenuply is hosted on Render and Supabase, providers with published security and compliance programs. Production secrets are kept server-side, and development and production environments are separated.
Access Controls
Admin API routes require authentication and an admin role check. User-facing requests are scoped through authenticated sessions, ownership checks, and database policies, and service role credentials are not exposed to the browser.
Privacy-Safe Monitoring
Sentry error and performance monitoring is configured with default PII collection disabled and account identifiers attached for authenticated diagnostics. Mixpanel session recording is configured to hide all PII and sensitive document content while preserving non-sensitive product interaction context.
Payment Security
Prenuply does not store full payment card details or PayPal account credentials. Payments are processed through payment providers including Stripe and PayPal.