Security

How we protect your data and keep BatchBook secure.

Last updated: February 23, 2026

Our Commitment

At BatchBook, security is foundational to how we build and operate our platform. We implement industry-standard security practices to protect your data throughout its lifecycle. This page provides an overview of the measures we take to keep your information safe.

Infrastructure Security

BatchBook is built on a modern, secure infrastructure stack:

  • Database: Supabase (SOC 2 Type II compliant) with Row Level Security (RLS) policies enforcing data isolation between users at the database level
  • Hosting: Vercel with built-in DDoS protection, automatic HTTPS, and edge network distribution
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest: All stored data is encrypted using AES-256 encryption
  • Network isolation: Database access is restricted to authorized application services only, with no direct public access

Access Controls

We enforce strict access controls at every level:

  • Authentication: Secure authentication powered by Supabase Auth with support for email/password and OAuth providers
  • Row Level Security: Database-level policies ensure users can only access their own data, even if application-level controls were bypassed
  • API security: All API endpoints require authentication and enforce authorization checks
  • Team access: Internal access to production systems is restricted to essential personnel with role-based permissions
  • Secret management: All credentials, API keys, and secrets are stored in encrypted secret management systems, never in source code
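As an added illustration of the Row Level Security mechanism described above (example code, not BatchBook's own schema or policies), here is a Supabase/PostgreSQL table shown first without RLS and then with owner-only policies; the table name `notes` and column `owner_id` are assumed for the example.

```sql
-- Added example, not BatchBook's schema. Table/column names are assumptions.

-- Weak state: RLS not enabled. Any request reaching PostgREST with the
-- anon or authenticated role can read every row; isolation would rest
-- entirely on application code.
create table if not exists notes (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null default auth.uid() references auth.users (id),
  body       text not null,
  created_at timestamptz not null default now()
);

-- Hardened state: enable and force RLS, then allow access only to rows
-- whose owner_id matches the JWT subject Supabase exposes via auth.uid().
alter table notes enable row level security;
alter table notes force row level security;  -- applies to the table owner too

create policy "notes_select_own" on notes
  for select to authenticated
  using (owner_id = auth.uid());

create policy "notes_insert_own" on notes
  for insert to authenticated
  with check (owner_id = auth.uid());

create policy "notes_update_own" on notes
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "notes_delete_own" on notes
  for delete to authenticated
  using (owner_id = auth.uid());

-- No policy is granted to the anon role, so unauthenticated requests
-- match zero rows even though the table is exposed through the API.

-- Reviewer check: list tables in the public schema that still have
-- RLS disabled, i.e. tables where the database-level safety net is missing.
select schemaname, tablename
from pg_tables
where schemaname = 'public' and not rowsecurity;
```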

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. BatchBook never stores, processes, or has access to your full credit card numbers. All payment data is transmitted directly to Stripe using their secure, tokenized payment system.

Security Practices

We maintain ongoing security through:

  • Periodic security reviews: Regular reviews of our codebase, dependencies, and infrastructure configurations
  • Vulnerability assessments: Ongoing assessment of potential vulnerabilities through automated scanning and manual review
  • Dependency monitoring: Automated alerts for known vulnerabilities in third-party packages
  • Secure development: Security-conscious development practices including code review, input validation, and output encoding
  • Incident response: Documented procedures for detecting, responding to, and recovering from security incidents

Data Protection

Your data is protected by multiple layers of security:

  • Data minimization: We only collect the data necessary to provide the service
  • Automatic backups: Regular automated backups with point-in-time recovery capability
  • Data isolation: Multi-tenant architecture with strict data isolation between organizations
  • Deletion: When you delete your account, your data is permanently removed within thirty (30) days

Vulnerability Reporting

We take security vulnerabilities seriously. If you discover a potential security issue, please report it responsibly:

  • Email security@batchbook.io with details of the vulnerability
  • Include steps to reproduce the issue, if possible
  • We will acknowledge your report within 48 hours
  • Please allow us reasonable time to investigate and address the issue before public disclosure

We appreciate the security research community and are committed to working with researchers who report vulnerabilities responsibly.