Data Security
Your data and your tenants' data are your most important assets. Here's exactly how we protect them.
Encryption at Rest
All data stored in our database is encrypted at rest using AES-256. Backups are also encrypted before storage.
Encryption in Transit
All communication between your browser and our servers is encrypted using TLS 1.2+. We enforce HTTPS across all endpoints.
Secure Infrastructure
Our database is hosted on Supabase (PostgreSQL), backed by AWS, with enterprise-grade security controls including network isolation and access logging.
Authentication
Sessions are protected with cryptographically signed JWTs. Passwords are hashed with bcrypt (cost factor 12) and never stored in plain text.
Role-Based Access
Every user has a role (Admin, Owner, or Tenant) with strict permissions. Users can only access data relevant to their building and role.
Regular Backups
Database backups are performed daily and retained for 7 days. Point-in-time recovery is available for the previous 24 hours.
Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly by emailing security@barishamlai.app. We take all reports seriously and will respond within 48 hours.
Third-Party Services
We use Supabase for database hosting, Brevo for transactional email, and Vercel for application hosting. Each provider is evaluated for security compliance. We do not share data with advertising networks or data brokers.
Incident Response
In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the incident, describing what happened, what data was affected, and what steps we are taking.
Compliance
Bari Shamlai is operated in compliance with applicable Bangladeshi data protection guidelines. We continually review our practices to align with evolving best practices.
Questions
For security-related questions, email us at security@barishamlai.app.