Security

Built for production.

Tempo runs on enterprise-grade security patterns. Claim data is isolated, validated, and audited at every layer.

Authentication & Authorization

JWT-based session tokens via NextAuth on every request
Role-based access control: manager, adjuster, vendor
All 25+ API routes verify authentication before processing
Session tokens expire and cannot be reused

Data Isolation

Supabase Row-Level Security (RLS) on all tables
Notifications scoped to individual users (auth.uid())
Audit trail restricted to manager role
Service role key used for admin operations only

Input Validation

Zod schemas on all write operations (create, update, delete)
Field whitelisting prevents mass-assignment attacks
Status transition state machine prevents invalid claim changes
Search inputs capped at 100 characters to prevent query abuse

Rate Limiting & Protection

IP-based rate limiting on public AI endpoints (10 req/min)
Message length caps on user input (2,000 characters)
Webhook authentication required in production
Cron route authentication via CRON_SECRET header

Audit & Observability

Every state change logged to audit_log table
AI token usage tracked per call with cost estimates
Claim events provide full activity timeline
Automation rule execution logged in activity feed

AI Security

AI API calls use structured JSON output with validation
Tool call inputs whitelisted (only permitted fields can be updated)
AI responses validated via safeParseJSON before database writes
Non-critical AI calls are non-blocking (failures don't break workflows)

Infrastructure

Deployed on Vercel (SOC 2 Type II compliant)
Database on Supabase (SOC 2 Type II, ISO 27001)
HTTPS enforced on all endpoints
Environment variables managed via Vercel (never in code)

Vercel and Supabase maintain their own compliance certifications. Tempo inherits their infrastructure security.
For questions about our security practices, contact the team.