Security
Last updated: June 22, 2026
Security is foundational to Northwind Metrics. We handle sensitive financial information, and we engineer the platform to protect it. This page describes how.
Infrastructure
The Service runs on managed cloud infrastructure. Application data, authentication, and file storage are hosted on Supabase (PostgreSQL); the application is hosted on Lovable.
Encryption
Data is encrypted in transit using TLS/HTTPS and at rest using our hosting providers' managed encryption.
Access controls & tenant isolation
We enforce row-level security (RLS) at the database level so each account can access only its own data, and we follow least-privilege access internally. Public surfaces (our marketing site and the "Ask Northwind" assistant) are isolated from authenticated customer data. For example, lead submissions can be created by the public but are readable only by authorized administrators.
Authentication
Accounts are protected by our authentication provider (Supabase Auth). Passwords are stored only as salted hashes, and we provide a secure password reset flow.
QuickBooks — read-only
QuickBooks connections use read-only access. We retrieve only the data needed to produce your reports and insights; we never write to, modify, or delete anything in your books, and you can disconnect at any time.
Payments
Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Card numbers are entered directly with Stripe and are never stored on our systems.
AI data handling
AI features are powered by Anthropic (Claude) via its API. Only the data needed to answer your request is sent for processing. Anthropic does not use API data to train its models, and we do not use your financial data to train any model.
Backups & reliability
Customer data is backed up by our managed database provider to support recovery.
Compliance posture
The platform is designed in alignment with SOC 2 principles — security, availability, and confidentiality.
Your part
Security is shared. Use a strong, unique password, keep your credentials private, and notify us immediately of anything suspicious.
Report a vulnerability
Found a security issue? Email hello@northwindmetrics.com with the details and we'll respond promptly. Please don't publicly disclose an issue until we've had a chance to address it.
