Multi-factor protection

Applicants are strongly encouraged to add an authenticator factor. Staff accounts must use it, and applicant opt-outs are warned and recorded.

Least-privilege access

The generated database API is closed to browser roles. Server routes re-check identity, security choice, ownership, and staff authorization.

Private document storage

Files never receive public URLs. Upload and download permissions are signed, scoped, and short-lived.

Short retention

Submitted files receive a scheduled purge date. A daily authenticated cleanup removes documents and application records.

Safer URL auditing

Website scans block local and private network addresses, limit redirects and response sizes, and treat page content as untrusted.

Data minimization

We request the evidence needed for underwriting and avoid collecting full tax identifiers in form fields.

Shared responsibility

Payment Legend uses Supabase and Vercel for managed infrastructure, encryption in transit, and encryption at rest. No system can eliminate risk. Applicants should use a trusted device, protect their email and authenticator app, and sign out after use. Staff access should remain limited to people actively handling underwriting.

Do not email application documents. If something appears wrong, stop and contact the Payment Legend team through your established business channel.