Security is the first feature.

TLS 1.3 in transit. AES-256 at rest via Supabase. Secrets in Vercel + Supabase Vault with rotation.

Every database table enforces RLS. Access validated via pgtap tests that block merges.

Sentry error tracking, immutable audit log for sensitive actions, session replay on errors only.

SOC 2 Type II underway. GDPR + CCPA compliance on day one.