Security

Tenant isolation by design

Every company's data is fully scoped at the database layer. PIN-based access. Strict audit trails on every movement.

Per-company data scoping

TerraTrack enforces row-level security at the database level. A user logged in to one company physically cannot read another company's items, jobs, suppliers, or movements. The same protection applies to our AI assistant: it scopes its inventory context to the caller's company on the server, never trusting client-supplied IDs.

PIN-based access for crews

Field crews authenticate with a 4-digit PIN tied to their team-member record. PINs are hashed with bcrypt; we never store plaintext. Admins can deactivate a member instantly if a phone is lost.

Encryption and infrastructure

Data is encrypted in transit (TLS) and at rest. Hosting runs on Lovable Cloud, which is built on Supabase and deployed to Cloudflare's edge. Daily automated backups.

Audit trail

Every stock movement records who, when, where from, where to, and why. Movements are append-only: they cannot be silently edited or deleted, only adjusted with a new compensating movement.
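
The per-company scoping and append-only movements described above can both be expressed with PostgreSQL row-level security. The following is an added example, not TerraTrack's own schema or code: the table, column, role, and setting names (stock_movements, app_user, app.company_id) are hypothetical, and it assumes a scratch PostgreSQL database and a superuser session.

```sql
-- Added example: hypothetical schema and role names, not TerraTrack's own.
-- Assumes a scratch PostgreSQL database and a superuser session.
CREATE TABLE stock_movements (
    id            bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    company_id    uuid        NOT NULL,                  -- tenant key
    item_id       uuid        NOT NULL,
    moved_by      uuid        NOT NULL,                  -- who
    moved_at      timestamptz NOT NULL DEFAULT now(),    -- when
    from_location text,                                  -- where from
    to_location   text,                                  -- where to
    reason        text        NOT NULL,                  -- why
    quantity      integer     NOT NULL CHECK (quantity <> 0),
    compensates   bigint REFERENCES stock_movements (id) -- set on a correction
);

ALTER TABLE stock_movements ENABLE ROW LEVEL SECURITY;
ALTER TABLE stock_movements FORCE ROW LEVEL SECURITY;   -- bind the table owner too

-- Assumption: the API connects as app_user, and the server sets app.company_id
-- from the authenticated session, never from an ID supplied in the request.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON stock_movements TO app_user;    -- no UPDATE, no DELETE

CREATE POLICY movements_select ON stock_movements FOR SELECT TO app_user
    USING (company_id = current_setting('app.company_id', true)::uuid);
CREATE POLICY movements_insert ON stock_movements FOR INSERT TO app_user
    WITH CHECK (company_id = current_setting('app.company_id', true)::uuid);

-- Constructed sample session for one tenant (all UUIDs are made up).
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.company_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO stock_movements (company_id, item_id, moved_by, from_location, to_location, reason, quantity)
VALUES ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
        'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Warehouse', 'Truck 4', 'job allocation', 5);
-- A mistake is corrected by a compensating row that reverses the latest movement.
INSERT INTO stock_movements (company_id, item_id, moved_by, from_location, to_location, reason, quantity, compensates)
SELECT company_id, item_id, moved_by, to_location, from_location, 'miscount correction', -quantity, id
FROM stock_movements ORDER BY id DESC LIMIT 1;
SELECT id, quantity, reason, compensates FROM stock_movements ORDER BY id;
COMMIT;
```

Run as app_user, an UPDATE or DELETE on stock_movements fails with a permission error, and an INSERT carrying another company's company_id is rejected by the WITH CHECK policy. If app.company_id is unset, the policy comparison is NULL and no rows are visible, so the scoping fails closed.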