Skip to content

Security & trust

You're trusted with people's homes. We're trusted with the keys.

A Home Watch platform stores the most sensitive data in the business: alarm codes, entry instructions, and the knowledge of exactly when a house is empty. Here is precisely how we handle that responsibility — concretely, without marketing gloss.

How it's built

Six practices, stated plainly

Organization isolation

Every record in Dwellwatch belongs to exactly one company, and Postgres row-level security enforces that boundary on every query — in the database itself, not just in application code. One company can never read another's clients, properties, photos, or reports.

Role-based access

Five staff roles — owner, admin, ops manager, technician, and read-only — each see and do only what their job requires. Read-only users can look but never change; technicians work their visits without access to billing or company settings.

Homeowner data scoping

Homeowners sign in to a portal scoped to their own properties, enforced by the same row-level security. They see their reports, approvals, and history — never internal staff notes, never another client's homes.

Credential vault with recorded access

Gate codes, alarm codes, and lockbox combinations are stored in a dedicated vault and never shown in lists. Revealing a secret is a deliberate action that requires a stated reason, and each reveal — who, which credential, when, and why — is written to the audit history.

Audit history

Sensitive actions leave a permanent trail: credential reveals, record changes to protected data, and administrative actions are logged with actor, timestamp, and before/after values where relevant.

Sessions & file access

Authentication is handled by Supabase Auth with secure, httpOnly session cookies. Inspection photos and property documents live in private storage buckets and are served only through short-lived signed URLs that expire after one hour.

What we don't claim

We don't currently hold formal compliance certifications such as SOC 2, and we won't imply otherwise with badge walls. What we offer instead is a straight answer to any security question you ask — architecture, data handling, storage, or access. If a certification matters to your clients, tell us; it shapes our roadmap.

Ask us a security question

Trust is your product. It's ours too.

Start a free trial and look under the hood yourself — roles, the vault, and the audit trail are on every plan.