Compliance

• SOC 2–aligned controls (policies, change management, access reviews, vendor management)
• GDPR-ready data processing with DPA on request

Encryption

• TLS 1.2+ in transit
• At-rest encryption via managed cloud services
• Secrets managed via environment variables and restricted access

Application security

• Authentication powered by Supabase with secure session management
• Role-based access and least-privilege authorization controls
• Input validation and rate limiting on sensitive endpoints
• Audit logging for critical actions

Data protection

• Logical tenant isolation
• Configurable data retention for quotes and documents
• Secure file storage and signed URLs for documents

Availability & disaster recovery

• Uptime monitored with on-call rotation
• Automated backups and tested restore procedures
• Multi-AZ cloud infrastructure

Subprocessors

We evaluate security and privacy practices of key vendors and limit data shared to the minimum necessary.

Contact & responsible disclosure

Report security concerns to security@printunite.com. If you believe you’ve found a vulnerability, please give us reasonable time to remediate before public disclosure.