Security

Payment security

Card payments are handled by Stripe Checkout. TenderQualify does not store card numbers or card security codes on its own systems.

Application safeguards

• The public site is served over HTTPS in production.
• Customer records are stored in Supabase with service-role access controls and row-level security policies.
• Operational access is limited to people and systems that need it to deliver the service.
• Secrets and API keys should be kept outside the repository and configured through environment variables or secret stores.

Data minimisation

The onboarding forms ask for the business details needed to prepare fit cards and billing. Customers should avoid submitting sensitive personal data in notes or exclusions.

Reporting issues

Report suspected security issues to info@aigenize.com with enough detail to reproduce the issue safely.