Security

Security at Prenuply

Prenuply handles sensitive personal and financial information, so security is a top priority. We use layered safeguards, trusted service providers, and restricted access to protect your data.

Data Encryption

Data transmitted to and from Prenuply is protected with TLS/SSL where supported. Application data stored with our database and storage provider is encrypted at rest using provider-managed controls.

Provider-Backed Infrastructure

Prenuply is hosted on Render and Supabase, providers with published security and compliance programs. Production secrets are kept server-side, and development and production environments are separated.

Access Controls

Admin API routes require authentication and an admin role check. User-facing requests are scoped through authenticated sessions, ownership checks, and database policies, and service role credentials are not exposed to the browser.

Privacy-Safe Monitoring

Sentry error and performance monitoring is configured with default PII collection disabled and account identifiers attached for authenticated diagnostics. Mixpanel session recording is configured to hide all PII and sensitive document content while preserving non-sensitive product interaction context.

Payment Security

Prenuply does not store full payment card details or PayPal account credentials. Payments are processed through payment providers including Stripe and PayPal.