Back to Pramania

Security overview

Security Overview

Operational overview for launch readiness. No audit, certification, or legal compliance claim is made.

Pramania is designed around authenticated access, Supabase Row Level Security, private storage buckets, server-side validation, production rate limits, SSRF-safe public-link ingestion, and avoidance of sensitive profile or resume text in telemetry.

Current Controls

User workspace records are scoped by authenticated user id. Admin-only records are protected by database policies. Uploaded files and generated artifacts use private storage paths. Owner/admin tier changes and credit actions are expected to leave audit evidence.

Incident Response

Security incidents are tracked in an admin-only incident log. Notification deadlines are surfaced for operational review when notification may be required, but final notification decisions require qualified review.

To report a security or account-access concern, contact support@pramania.com.

Production Hardening Backlog

Legal review of public policies and request handling: missing.

Final data retention schedule approved by owner and counsel: missing.

DPA and subprocessor review completed: draft.

Hosting and processing regions confirmed: missing.

Cross-border transfer basis documented: missing.

Breach response owner and escalation rota assigned: draft.

Durable distributed rate limiting selected for production: draft.

Admin access review cadence scheduled: draft.

Payment entitlement reconciliation and refund support procedure approved: draft.