IntenProp

Security

We protect your personal and financial data with modern security practices and trustworthy infrastructure.

Last updated: 16 Oct 2025

Key principles

  • Least privilege — access is limited to what’s needed, for the shortest time.
  • Encryption — data is encrypted in transit (HTTPS) and at rest in our database and file storage.
  • Transparency — we clearly describe how your data is handled (see Privacy).

Infrastructure

  • Hosting — IntenProp runs on Vercel (serverless functions and frontend). All traffic is over HTTPS.
  • Database & Storage — We use Supabase (Postgres + Storage). Data at rest is encrypted by the provider.
  • Inbound email — We use Postmark to receive inbound emails and attachments securely via webhooks.
  • Document processing — We use Google Cloud Document AI to extract amounts/dates from PDFs and images.

Access & application controls

  • Authentication — passwordless email sign-in (magic links). Sessions are short-lived and can be revoked.
  • Row-level rules — Supabase row-level security ensures users can only access their own data and files.
  • File access — files in private storage are accessed via short-lived signed URLs. We never expose raw bucket keys.
  • Secrets — API keys and service credentials are stored in environment variables (not in code), rotated when needed.

Operational practices

  • Backups are taken by our providers and retained for disaster recovery for a limited period.
  • We monitor for errors and unusual behavior and respond to incidents with priority.
  • We apply security updates to dependencies and infrastructure as they become available.

Responsible disclosure

If you believe you’ve found a security issue, please email security@intenprop.com. We’ll acknowledge and investigate promptly. Please don’t publicly disclose issues until we’ve worked on a fix.

Questions

You can also reach our support team at support@intenprop.com.