Security & trust
You're trusted with people's homes. We're trusted with the keys.
A Home Watch platform stores the most sensitive data in the business: alarm codes, entry instructions, and the knowledge of exactly when a house is empty. Here is precisely how we handle that responsibility — concretely, without marketing gloss.
How it's built
Six practices, stated plainly
Organization isolation
Every record in Dwellwatch belongs to exactly one company, and Postgres row-level security enforces that boundary on every query — in the database itself, not just in application code. One company can never read another's clients, properties, photos, or reports.
Role-based access
Five staff roles — owner, admin, ops manager, technician, and read-only — each see and do only what their job requires. Read-only users can look but never change; technicians work their visits without access to billing or company settings.
Homeowner data scoping
Homeowners sign in to a portal scoped to their own properties, enforced by the same row-level security. They see their reports, approvals, and history — never internal staff notes, never another client's homes.
Credential vault with recorded access
Gate codes, alarm codes, and lockbox combinations are stored in a dedicated vault and never shown in lists. Revealing a secret is a deliberate action that requires a stated reason, and each reveal — who, which credential, when, and why — is written to the audit history.
Audit history
Sensitive actions leave a permanent trail: credential reveals, record changes to protected data, and administrative actions are logged with actor, timestamp, and before/after values where relevant.
Sessions & file access
Authentication is handled by Supabase Auth with secure, httpOnly session cookies. Inspection photos and property documents live in private storage buckets and are served only through short-lived signed URLs that expire after one hour.
What we don't claim
We don't currently hold formal compliance certifications such as SOC 2, and we won't imply otherwise with badge walls. What we offer instead is a straight answer to any security question you ask — architecture, data handling, storage, or access. If a certification matters to your clients, tell us; it shapes our roadmap.
Ask us a security question