Trust & compliance

Security & policies

How we protect your pipeline data — and every customer-facing policy that governs a Billslash Reach account, in one place.

Encryption everywhere

TLS 1.2+ in transit and AES-256 at rest across Lovable Cloud, Supabase, and Cloudflare.

Least-privilege access

Row-Level Security on every customer-data table. SECURITY DEFINER role checks. TOTP MFA for all admins.

Continuous assurance

Dependency + SAST scans on every push, monthly DAST, annual third-party pen test, 24-month audit logs.

Report a vulnerability

Email security@billslash.app. We acknowledge reports within two business days and provide a remediation timeline within five.