Trust & Safety

Security at exhibitERP

Your operational data — exhibitor records, staffing, financials, and client information — is business-critical. We take its security seriously.

Encryption in Transit & at Rest

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored in our database is encrypted at rest with AES-256. Passwords are hashed with bcrypt and are never stored in plaintext.

Role-Based Access Control

exhibitERP enforces granular role-based access control (RBAC). Each user is assigned a role that determines exactly which resources they can read, write, or manage. Row-level security policies in the database ensure that tenants can never access another organization's data.
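The tenant-isolation and role model described above can be expressed directly in PostgreSQL row-level security. The following is an added illustration, not exhibitERP's own schema or policies: it assumes a hypothetical exhibitors table carrying an organization_id, a hypothetical memberships table mapping users to organizations with a role, and Supabase's auth.uid() helper, which returns the sub claim of the caller's JWT.

```sql
-- Added example (hypothetical schema); not exhibitERP's code.
-- Assumes Supabase's auth.uid() helper and the "authenticated" role.

create table if not exists memberships (
  user_id         uuid not null,
  organization_id uuid not null,
  role            text not null check (role in ('viewer', 'editor', 'admin')),
  primary key (user_id, organization_id)
);

create table if not exists exhibitors (
  id              uuid primary key default gen_random_uuid(),
  organization_id uuid not null,
  name            text not null
);

-- Enable RLS and force it so the table owner is subject to the policies too.
alter table exhibitors enable row level security;
alter table exhibitors force row level security;

-- Membership rows should not be readable directly by end users; the
-- definer function below is the only path the policies use.
alter table memberships enable row level security;
alter table memberships force row level security;

-- Does the calling user hold at least the required role in this organization?
-- SECURITY DEFINER lets it read memberships; the fixed search_path prevents
-- function or table resolution from being redirected by the caller.
create or replace function current_user_has_role(org uuid, required text)
returns boolean
language sql
stable
security definer
set search_path = public
as $$
  select exists (
    select 1
    from memberships m
    where m.user_id = auth.uid()
      and m.organization_id = org
      and case required
            when 'viewer' then m.role in ('viewer', 'editor', 'admin')
            when 'editor' then m.role in ('editor', 'admin')
            when 'admin'  then m.role = 'admin'
            else false
          end
  );
$$;

-- Read: any member of the row's organization.
create policy exhibitors_select on exhibitors
  for select
  using (current_user_has_role(organization_id, 'viewer'));

-- Write: editors and admins. WITH CHECK also rejects an update that would
-- re-home a row into an organization the caller does not belong to.
create policy exhibitors_insert on exhibitors
  for insert
  with check (current_user_has_role(organization_id, 'editor'));

create policy exhibitors_update on exhibitors
  for update
  using (current_user_has_role(organization_id, 'editor'))
  with check (current_user_has_role(organization_id, 'editor'));

-- Delete: admins only.
create policy exhibitors_delete on exhibitors
  for delete
  using (current_user_has_role(organization_id, 'admin'));

-- Constructed verification: impersonate a user by setting the JWT claims
-- that auth.uid() reads, then confirm only that user's tenant rows are visible.
begin;
  set local role authenticated;
  set local request.jwt.claims = '{"sub":"00000000-0000-0000-0000-000000000001"}';
  select count(*) from exhibitors;   -- expect: only rows for this user's organizations
rollback;
```

Two points matter when deploying a policy like this. The verification transaction at the end is worth running as a test against every table that holds tenant data, since a single table with RLS left disabled is enough to leak across organizations. And connections made with Supabase's service-role key bypass RLS entirely, so application servers should issue queries under the end user's JWT, reserving the service role for tightly scoped background jobs.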

Infrastructure Security

Our platform is hosted on infrastructure managed by Supabase (PostgreSQL) and Hostinger. Database access is restricted to our application servers only — no direct public database access is permitted. We enforce IP allowlisting and private networking for all database connections.

Audit Logging

Every significant action in the platform — data access, modifications, admin actions, and authentication events — is logged with a timestamp, actor identity, and full audit trail. These logs are retained for 365 days and are accessible to platform administrators.

Backups & Disaster Recovery

Your data is backed up continuously with point-in-time recovery available. We maintain geo-redundant backups with a recovery point objective (RPO) of 1 hour and a recovery time objective (RTO) of 4 hours for enterprise customers.

Incident Response

We maintain an incident response plan and a dedicated security contact. In the event of a confirmed data breach, we will notify affected customers within 72 hours as required by applicable law, including GDPR. We log and remediate all security incidents.

Technical Specifications

Encryption in transit:  TLS 1.2 / TLS 1.3
Encryption at rest:     AES-256
Password hashing:       bcrypt (salted)
Authentication:         Supabase Auth (JWT)
Database:               PostgreSQL with Row-Level Security
Session management:     Secure, HttpOnly cookies
CORS policy:            Strict origin allowlist
Rate limiting:          Applied to all API endpoints
Backup frequency:       Continuous (point-in-time)
Backup retention:       30 days
Log retention:          365 days
Uptime target:          99.9% SLA (Enterprise)

Responsible Disclosure

We welcome security researchers who responsibly disclose vulnerabilities. If you discover a security issue, please report it to us privately before disclosing it publicly. We commit to acknowledging your report within 48 hours and working to address confirmed vulnerabilities promptly.

Report a Vulnerability → [email protected]