Access Controls

Last updated: March 25, 2026

CaseProof enforces access controls at multiple layers to ensure users can only access data they own, and that CaseProof staff cannot access customer matter data without explicit permission.

Authentication

  • Email/password authentication via Supabase Auth.
  • Sessions are managed with short-lived JWTs. Refresh tokens are rotated on each use.
  • Sessions expire after a period of inactivity.

Row-Level Security

Every database query is scoped to the authenticated user via PostgreSQL Row-Level Security (RLS). A user cannot query, read, or write another user's matters, files, or case data — even if they share the same database instance. RLS policies are enforced at the database level, not just the application layer.
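As an added illustration of owner-scoped RLS in PostgreSQL (not CaseProof's schema or policies): the table `matters`, the role `app_user` and the setting `app.user_id` are hypothetical, and `current_setting` stands in for the authenticated identity that Supabase exposes to policies as `auth.uid()`. It assumes a scratch database and a session that is allowed to create roles.

```sql
-- Hypothetical table: one row per matter, tagged with its owner.
create table matters (
    id       int  primary key,
    owner_id uuid not null,
    title    text not null
);

-- Constructed sample rows for two different users.
insert into matters (id, owner_id, title) values
    (1, '11111111-1111-1111-1111-111111111111', 'Matter A'),
    (2, '22222222-2222-2222-2222-222222222222', 'Matter B');

-- Turn RLS on. FORCE makes the policies apply to the table owner too.
-- Superusers and roles with BYPASSRLS are never subject to policies,
-- so application traffic must use an unprivileged role.
alter table matters enable row level security;
alter table matters force  row level security;

-- Hypothetical unprivileged role standing in for the API's database role.
create role app_user nologin;
grant select, insert, update, delete on matters to app_user;

-- Owner-only policy.
--   USING      filters which existing rows a statement can see or touch.
--   WITH CHECK rejects new or updated rows assigned to another owner.
-- With app.user_id unset, current_setting(..., true) is NULL and the
-- comparison matches no rows, so the policy fails closed.
create policy matters_owner_only on matters
    for all to app_user
    using      (owner_id = current_setting('app.user_id', true)::uuid)
    with check (owner_id = current_setting('app.user_id', true)::uuid);

-- Exercise the policy as the first user inside a throwaway transaction.
begin;
set local role app_user;
set local app.user_id = '11111111-1111-1111-1111-111111111111';

-- Read: the USING clause is applied to the query by the database itself.
select id, title from matters;

-- Write to another user's row: filtered out by USING before the update runs.
update matters set title = 'changed' where id = 2;

-- Insert on behalf of another user: rejected by WITH CHECK.
insert into matters (id, owner_id, title)
values (3, '22222222-2222-2222-2222-222222222222', 'Spoofed');
rollback;
```

Because the filter lives in the policy rather than in each query's `WHERE` clause, an application query that forgets to scope by owner is still restricted by the database.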

Role-Based Access

  • Matter owner: Full read, write, and delete access to all data within the matter.
  • Reviewer (planned): Read-only access to shared matters, no ability to upload or delete.
  • Viewer (planned): Limited read access to specific exported outputs only.

Team roles are enforced at both the API and database layers.

CaseProof Staff Access

CaseProof staff do not have access to customer matter data by default. Production database access is restricted to a limited set of authorized engineers. Any access is logged, auditable, and requires explicit customer permission for technical support purposes.

Audit Logs

Critical actions — including file uploads, deletions, chronology generation, and exports — are logged with the authenticated user ID, timestamp, and IP address. Audit logs are stored in Supabase and are not accessible to end users directly. They are available to CaseProof staff for security investigations and upon legal request.

Session Management

  • JWTs are short-lived and must be refreshed periodically.
  • Refresh tokens are rotated on each use, preventing token reuse after logout.
  • Logging out invalidates the current session immediately.