Who can see my account's data?

Only users you invite. RoofKnockers staff (platform_admin role) can access support tools and impersonate with consent for support cases - every impersonation is logged in your audit log.

How do you handle a data breach?

We follow industry-standard incident response: contain, assess, notify affected customers within 72 hours, post-mortem. Customers can subscribe to status updates at our status page.

Can I export all my data?

Yes. /billing → Download My Data exports a JSON archive of every record tied to your account. CSV export of leads is also available. Rate-limited to once per 5 minutes.

What happens to my data if I cancel?

We retain data for 30 days after cancellation in case you reactivate. After 30 days, all data is permanently deleted. You can request immediate deletion via support@roofknockers.com.

Do you support SSO (SAML / OIDC)?

Not yet. SSO is on the post-V1 roadmap. Today we use Supabase email + password auth.

Are passwords hashed?

Yes - handled by Supabase Auth (bcrypt). We never see plain-text passwords.

What's your security disclosure policy?

Email security@roofknockers.com (also support@ if security@ isn't responsive within 24 hours). We commit to acknowledging within 1 business day and patching critical issues within 7 days.

Security & Privacy

Built with data protection baked in

Encrypted, US-hosted, RLS-isolated, and audit-logged. Here's exactly what we do today and what we're working toward.

How we protect your data

Encrypted in transit and at rest

All traffic is HTTPS with HSTS preload. Database storage encrypted at rest by Supabase (AES-256). Webhook secrets stored encrypted with a per-deployment key.

US-only hosting

App runs on Vercel (US regions). Database on Supabase (US). Compliance with US data residency requirements out of the box.

Daily backups + point-in-time recovery

Database backed up daily with 7-day point-in-time recovery on production. Files in Supabase Storage are versioned.

Row-level security on every table

Tenant isolation enforced at the database layer with PostgreSQL RLS policies. Cross-account reads physically impossible without service-role credentials, which only the server holds.

Privilege-escalation guards

Sensitive columns (subscription status, seat caps, role, plan_type) are write-protected by triggers. Even an account_admin can't elevate themselves to platform_admin.

Audit log

All admin actions, role changes, impersonation events, and data exports are recorded. Available to account admins on Elite.

Rate limiting + abuse controls

Per-user and per-account rate limits on contact form, checkout, exports, and API. Origin checks on all cookie-authenticated mutations.

Strict signup hygiene

Anti-enumeration on signup errors, password requirements (8+, uppercase, number), and email-confirmation gating on suspicious patterns.

Compliance status

We're honest about what's in scope and what's on the roadmap.

GDPR / CCPA	Full data export and account deletion supported by every customer.
SOC2 Type I	Targeting Q3 2026. Practices already aligned with SOC2 controls.
PCI-DSS	We never see card data - Stripe handles all PCI scope.
HIPAA	Not in scope. Don't store PHI in RoofKnockers.

Frequently asked questions

United States. App on Vercel (US-East primary), database on Supabase (US-East primary).

Found a security issue?

We take responsible disclosure seriously. Email security@roofknockers.com. We acknowledge within one business day.

Or contact us →

Security shouldn't be a checkbox.

Read the full controls, then start a 14-day trial. We're transparent because trust scales.

Start Your 14-Day Free Trial