Security
Your security is our top priority. We implement industry-standard security measures to protect your personal and financial information.
Encryption
All data is encrypted in transit using TLS and at rest. Your financial information is never stored in plain text.
Secure Authentication
We use Supabase Auth with email verification required for all new accounts. Sessions are managed with secure, httpOnly cookies and automatically expire after 10 minutes of inactivity.
Infrastructure Security
Our infrastructure is hosted on Supabase and Vercel, both SOC 2 Type II compliant platforms. Our providers conduct regular security audits, penetration testing, and vulnerability scanning.
Access Controls
Strict access controls ensure only you can view your data. Sherpa Plan is owned and operated by Fargason Capital LLC, and database access is limited to essential operations only.
Data Protection Practices
- Daily automated backups with point-in-time recovery via Supabase Pro
- Automatic session timeout after 10 minutes of inactivity
- Rate limiting and DDoS protection via Vercel
- Regular security training for team members
Reporting Security Issues
If you discover a security vulnerability, please report it to us at contact@sherpaplan.com. We take all reports seriously and will respond promptly.