Security

Specifics, not badges.

Here is where your data lives, how tenants are kept apart, and who processes what. Every claim on this page is checked against the code it describes.

Where your data lives

Tend runs in Sydney, Australia. The application is served from Vercel's Sydney region and your data lives in Postgres, managed by Supabase, in AWS ap-southeast-2 - also Sydney. One region, one database, close to the teams we serve.

Encryption

Everything moves over TLS - browser to app, app to database, and every call to the services listed below. At rest, your data sits in Supabase's managed Postgres, which encrypts storage as part of the platform. We do not run our own database servers, and we do not keep copies of your data outside it.

Tenancy

Every workspace's rows are tagged with that workspace, and isolation is enforced inside the database itself with Postgres row-level security. Each query the application runs is pinned to a single workspace for its whole transaction; the database refuses to return another tenant's rows even if application code asks. The wall is in the database layer, not just the code above it.

Backups & export

The database platform takes its own server-side backups. Independently of that, any workspace admin can download a complete export - every table, one JSON file - from Settings → Backup & export, any time, no ticket required. Your data is yours; leaving should be a download, not a negotiation.

Access & audit

Access inside a workspace is role-based: built-in Admin, Agent, Finance, and Read-only roles, plus custom roles with per-capability permissions. Staff can sign in with Microsoft or Google single sign-on. Sensitive actions - billing, settings, permanent deletion, the full export above - sit behind their own capabilities. Every consequential settings change is recorded, so you can see who changed what, and when.

Customer portal

The portal is private and never uses passwords. Every visitor signs in with a short-lived email link, exchanged for an httpOnly session - so there is nothing to phish, reuse, or reset, and possession of a link or a ticket reference alone shows nothing. The sign-in form answers identically whether or not an address is known to us, so it can't be used to probe who your customers are.

Email security

Mail Tend sends on your own domain is DKIM-signed with aligned Return-Path (SPF), using records issued per workspace. We only switch your outbound mail to a custom domain once both records verify - half-authenticated mail lands in spam, so we refuse to send it.

Responsible disclosure

Found a vulnerability? Email support@technovo.au with "Security" in the subject - it lands on our own service desk (which runs on Tend) and a human reads it, usually the same day. Report in good faith and we'll work with you, credit you if you want it, and never take legal action over honest research. Please don't access other people's data or degrade the service while testing.

Subprocessors

The complete list of services that touch your data. Nothing else does.

  • VercelApplication hosting and computeSydney (syd1)
  • SupabaseManaged Postgres databaseSydney (ap-southeast-2)
  • PostmarkTransactional email, in and outUnited States
  • StripeBilling - card details never touch TendGlobal

Want to see it holding up in real time? Check the status page - uptime there is measured, not asserted.