Trust & Security
Last updated: 2026-05-25. Every claim here is something we actually do — nothing aspirational.
Data security
- ·Row-Level Security (RLS) on every database table — you can only ever read or write your own projects.
- ·All traffic over TLS; HSTS enforced. Data stored in Supabase (Postgres) in us-west-1.
- ·We never store card numbers — payments run entirely through Stripe.
- ·Service-role credentials are server-only and never exposed to the browser.
Privacy
- ·Your designs are yours. Export (PDF/SVG/CSV) or delete your account and all data from Account Settings at any time.
- ·Product analytics (PostHog) use a hashed identifier — we don't put your email in event data.
Sub-processors
- ·Supabase (database, auth, storage) · Vercel (hosting) · Stripe (payments) · PostHog (analytics) · SiteGround (email) · Anthropic (optional AI assistant).
Compliance posture — read this honestly
- ·CircuitProof is not SOC 2 certified and does not claim to be. We'll say so plainly until we are.
- ·Generated reports are design documentation, not a P.Eng-stamped drawing. Verify with a licensed professional before installation.
Security contact
- ·Report a vulnerability or ask a question: powerlab@marinepowerlab.com. We respond within 3 business days.
A MarinePowerLab product.