Security

Security posture for Case Keeper

We prioritize practical controls across authentication, origin boundaries, and billing integrations to reduce operational risk.

Security controls

Auth and access boundaries

Supabase-backed authentication with protected app routes and user-scoped API access checks.

Origin and API controls

Worker origin allowlists and same-origin web proxy enforcement for sensitive API pathways.

Billing and webhook integrity

Stripe webhook signature validation and idempotent subscription update handling.

Operational observability

Structured cutover runbook, parity checklist evidence, and rollback thresholds for release control.

Responsible disclosure

Report security issues to security@case-keeper.com. Include reproducible steps and impact notes where possible.