Security
- EU-hosted infrastructure: Supabase Frankfurt + Vercel fra1.
- Authentication via Clerk with magic-link and GitHub OAuth.
- Payment data never touches our servers — Stripe handles it end-to-end.
- Row Level Security enabled on every Caldrus table.
- HMAC-verified webhooks with constant-time signature comparison.
- Pre-commit gitleaks hook on the codebase. Live secrets never reach the public repo.
Report a vulnerability: security@caldrus.com.