Security
Built with security at the foundation.
En Casa is built on enterprise-grade infrastructure used by some of the world’s most trusted software companies.
Infrastructure
Enterprise infrastructure
En Casa runs on Supabase — built on PostgreSQL with end-to-end encryption, SOC 2 Type 2 compliant infrastructure, and data centers in the United States. All data is encrypted at rest and in transit.
Encrypted at rest and in transit
AES-256 encryption for stored data. TLS 1.2+ for all data in transit.
SOC 2 infrastructure
Hosted on Supabase, which maintains SOC 2 Type 2 compliance.
US-based data storage
All guest and operator data stored in US data centers.
Access Control
Granular access control
Every piece of data in En Casa is scoped to the operator who owns it. Row-level security policies restrict operators to their own guests, their own reservations, and their own documents, and they are enforced at the database level, not just the application layer.
Row-level security
Database-enforced policies ensure operators can only access their own data.
Invite-only guest access
Guests access portals via unique secure tokens. No self-signup.
Multi-tenant isolation
Every query is scoped to the operator’s organization. Cross-tenant access is architecturally impossible.
Authentication
Secure authentication
Guest portals use token-based invite links. Admin access uses email + password authentication with rate limiting to prevent brute-force attacks.
Rate-limited sign-in
Brute-force protection with sign-in rate limits.
Invite-only portal access
Guests receive a unique, time-limited invite link. No public registration.
Responsible Disclosure
Found a vulnerability?
We take security seriously. If you discover a security issue, please contact us directly before disclosing publicly.
security@encasasoftware.com
We aim to respond to all security reports within 48 hours.