Security & data handling

Last updated May 19, 2026

A short, honest summary of how TROPIX keeps customer data safe.

Workspace isolation

Every read and write goes through Supabase row-level security (RLS) using your authenticated session. A user cannot see or modify another workspace's data — every analytical query is scoped to workspace_id at the database level, regardless of UI gating.

Authentication

Magic-link sign-in via Supabase Auth. Sessions are stored in HTTP-only cookies and refreshed by middleware on each request. Sign-out clears the session both client- and server-side.

Roles

  • OWNER / ADMIN — can delete runs, change the workspace plan, manage members.
  • PLANNER — can upload, create tasks, manage capital-unlock actions.
  • VIEWER — read-only.

Role checks happen server-side, not just in the UI.
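The workspace scoping and server-side role checks described above can both be expressed as Postgres RLS policies. The sketch below is an added example, not TROPIX's schema or policies: the `workspace_members` and `runs` tables, their columns and the policy names are assumptions; `auth.uid()` and the `authenticated` role are Supabase's own.

```sql
-- Hypothetical schema for illustration; names are assumptions, not TROPIX's.
create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null,  -- compared against Supabase's auth.uid()
  role         text not null
    check (role in ('OWNER', 'ADMIN', 'PLANNER', 'VIEWER')),
  primary key (workspace_id, user_id)
);

create table runs (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  deleted_at   timestamptz
);

-- With RLS enabled and no matching policy, a query returns zero rows
-- (default deny), whatever the UI or API layer sends.
alter table workspace_members enable row level security;
alter table runs              enable row level security;

-- A user can read only their own membership rows. The policies on
-- runs depend on this one, because their subqueries are themselves
-- filtered by RLS.
create policy members_select_own on workspace_members
  for select to authenticated
  using (user_id = auth.uid());

-- Workspace isolation: a run is visible only to members of its workspace.
create policy runs_select_member on runs
  for select to authenticated
  using (exists (
    select 1 from workspace_members m
    where m.workspace_id = runs.workspace_id
      and m.user_id = auth.uid()
  ));

-- Role check in the database: only OWNER / ADMIN may delete a run.
create policy runs_delete_admin on runs
  for delete to authenticated
  using (exists (
    select 1 from workspace_members m
    where m.workspace_id = runs.workspace_id
      and m.user_id = auth.uid()
      and m.role in ('OWNER', 'ADMIN')
  ));
```

A useful check for a design like this is to run the same `select` and `delete` as two users in different workspaces and confirm the second user's statements affect zero rows rather than raising an error.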

Audit trail

Sensitive actions write to audit_logs: run deletion, plan changes, settings updates, capital-unlock CRUD, workspace bootstrap. Audit logs are workspace-scoped and visible to members.

Encryption

TLS in transit on every request. Postgres at rest is encrypted via Supabase's infrastructure. Stripe customer data is encrypted and tokenized — TROPIX never sees raw card numbers.

Deletion

Run deletion is soft by default (deleted_at stamp) so we can investigate if needed. Soft-deleted data is purged after 90 days. Workspace deletion cascades through every related row (runs, items, calculations, tasks, capital unlock actions, audit logs).

What we don't do

  • We don't train ML models on customer inventory.
  • We don't sell or share inventory data with any third party beyond the sub-processors listed in the privacy policy.
  • We don't store stack traces or error logs that include raw uploaded SKU rows.

Account & workspace deletion

Workspace OWNERs can permanently delete the workspace from Settings. Deletion cascades through every related table (runs, items, calculations, tasks, capital-unlock actions, audit logs) and cannot be undone. You can also delete your entire account from the Danger Zone in Settings — that removes your auth record and cascades every workspace where you are the sole owner. Both deletions are immediate and irreversible.

Compliance roadmap

TROPIX is pre-certification today. Where we're heading:

  • SOC 2 Type I — kicking off audit prep in Q3 2026. We're mapping controls now (access reviews, change management, vendor risk, incident response). Type II follows after 6 months of evidence collection.
  • GDPR — workspace-level data export and deletion available today. Data processing agreement (DPA) available on request. EU data residency on the roadmap; ping us if your procurement team needs it before signature.
  • CCPA — same data-subject rights as GDPR. Email security@ to file a request.
  • Data residency — TROPIX Palm currently runs in Supabase's US-East region. We'll add EU and APAC regions alongside SOC 2 Type II.
  • Sub-processors — listed in the privacy policy and updated when they change. Supabase, Stripe, Anthropic (for PRO+ AI insights).

If your security or procurement team needs a specific control documented before signing, email security@ — we'll send a written response within 2 business days.

Reporting a security issue

Email security findings to the address on the contact page. We aim to acknowledge within 2 business days. We do not currently run a public bug bounty but will reward responsibly-disclosed findings with account credits while we set one up.