Enterprise-Grade Security
Your gallery data is sensitive and valuable — artwork records, collector details, financial transactions, and provenance histories. Artfolio protects it all with multiple layers of enterprise-grade security.
RLS Policies: 132+
RBAC Permissions: 59
Encryption: AES-256
Uptime SLA: 99.9%
Security Philosophy
Defense in depth — every layer matters.
Infrastructure
Hosted on enterprise cloud infrastructure with automatic scaling, DDoS protection, and geographic redundancy.
Application
Server-side permission enforcement, input validation with Zod schemas, parameterized queries, and CSRF protection.
Data
Row-level security, tenant isolation, encrypted storage, automated backups, and complete audit trails.
How We Protect Your Data
Nine security pillars that safeguard every piece of gallery data from the moment it enters Artfolio.
Data Encryption
All data is encrypted at rest using AES-256 and in transit with TLS 1.3. Your gallery inventory, collector details, and financial records are protected by the same encryption standards used by leading financial institutions.
Row-Level Security
Every database query is governed by 132+ row-level security policies in Supabase PostgreSQL. Each organization's data is completely isolated at the database level, ensuring no cross-tenant data access is ever possible.
Access Controls
A 4-role RBAC system (Owner, Admin, Staff, Viewer) with 59 granular permissions controls exactly who can view, create, edit, or delete every resource. Permissions are enforced server-side on every API request.
Two-Factor Authentication
TOTP-based two-factor authentication adds a second layer of protection to every account. Team members set up 2FA via QR code with any authenticator app. MFA challenges are enforced at login for enrolled users.
Audit Logging
Every significant action is recorded in a comprehensive audit trail. From artwork edits to invoice sends, permission changes to data exports, your organization has full visibility into who did what and when.
GDPR Compliance
Artfolio is built with GDPR and data privacy at its core. Full data export in CSV and JSON formats, right to deletion support, and EU-ready data handling ensure compliance with global privacy regulations.
SOC 2 Readiness
Our security controls are aligned with the SOC 2 Type II framework. From access management and change control to incident response and monitoring, Artfolio maintains the operational rigor expected by enterprise clients.
Backup & Recovery
Daily automated backups with point-in-time recovery ensure your data is never lost. Our infrastructure supports instant restoration, so even in the unlikely event of a failure, your gallery data is safe and recoverable.
Incident Response
A structured incident response process includes real-time monitoring, automated alerting, and a clear communication protocol. If a security event occurs, our team responds immediately with transparent status updates.
Security Is Not an Afterthought
At Artfolio, security is built into the foundation of every feature we ship. From the first line of code to the final deployment, every component goes through security review. Our database schema includes 132+ row-level security policies that enforce tenant isolation at the PostgreSQL level — not just in the application layer.
Every API route validates permissions server-side using our 59-permission RBAC matrix. Input is validated with strict Zod schemas. SQL injection is prevented through parameterized queries. CSV exports are sanitized to prevent formula injection. UUID parameters are validated before they reach the database.
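The CSV export sanitization mentioned above, as an added TypeScript example that is not Artfolio's own code: it neutralizes cells a spreadsheet would otherwise evaluate as formulas and applies standard CSV quoting. The column names and rows are constructed for illustration.

```typescript
// Added example, not Artfolio's code. Characters that cause Excel, LibreOffice
// and Google Sheets to treat an imported cell as a formula rather than text.
const FORMULA_TRIGGERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

// True when the raw cell value would be interpreted as a formula on import.
export function looksLikeFormula(value: string): boolean {
  return value.length > 0 && FORMULA_TRIGGERS.has(value.charAt(0));
}

// Produce one CSV field: formula-like cells get a leading apostrophe (which
// spreadsheets treat as a "text" marker) and are force-quoted; any cell with
// a delimiter, quote or line break is quoted with embedded quotes doubled.
export function sanitizeCsvCell(value: string): string {
  const risky = looksLikeFormula(value);
  const body = (risky ? "'" + value : value).replace(/"/g, '""');
  const needsQuotes = risky || /[",\r\n]/.test(value);
  return needsQuotes ? `"${body}"` : body;
}

// Render rows to CSV using the sanitizer for every header and data cell.
export function toCsv(header: string[], rows: Record<string, unknown>[]): string {
  const lines = [header.map(sanitizeCsvCell).join(",")];
  for (const row of rows) {
    lines.push(header.map((h) => sanitizeCsvCell(String(row[h] ?? ""))).join(","));
  }
  return lines.join("\r\n");
}

// Constructed sample export: one title that looks like a formula, one with a
// comma, and a phone number whose leading "+" is a legitimate false positive
// that is still safe to quote as text.
export const SAMPLE_HEADER = ["title", "collector_phone", "price"];
export const SAMPLE_ROWS = [
  { title: "=SUM(A1:A3)", collector_phone: "+44 20 7946 0000", price: 1200 },
  { title: "Untitled, 2021", collector_phone: "", price: 800 },
];

export function sampleExport(): string {
  return toCsv(SAMPLE_HEADER, SAMPLE_ROWS);
}
```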
We conduct regular security audits and continuously improve our security posture. Our incident response procedures ensure that if anything does go wrong, we detect it quickly, respond immediately, and communicate transparently with affected customers.
Your trust is the foundation of our business. We earn it every day by treating your data with the care it deserves.