Security

Production uploads are stored in a private Supabase Storage bucket. Uploaded files are not public assets.

Admin downloads use short-lived signed URLs. Access is limited to the admin workflow.

Files are used for audit review, evidence preparation, and case follow-up. They can be deleted on request.

Accepted file types are PDF, CSV, XLSX, PNG, JPG, and JPEG. The current file-size limit is 20MB per file.

Redacted documents are accepted. No Shopify, 3PL, carrier, or store login credentials are required.

To request deletion of uploaded files, contact your audit contact.