Security & data residency

Your books, your data, your jurisdiction.

Singapore data residency, hard role gates, and a complete audit trail on every agent run.

Where your data lives

Singapore region. Period.

Pinned to Southeast Asia.

Your tenant runs on a Supabase Postgres instance hosted in the Southeast Asia region. Backups stay in-region. We don't replicate customer data to other regions without explicit written consent.

Self-hosted infrastructure.

fc.wgrow.com is operated by wGrow Technologies Pte Ltd on infrastructure we control. The supporting Supabase project is on a private VPC; the application server lives behind a Caddy reverse-proxy with TLS terminated locally.

Who can see what

Row-level security at the database, role gates at the application.

Every read goes through Postgres RLS policies tied to the authenticated user. Mutations go through role-gated server routes.

Admin

Manage console users; full read and write access; manage RLS via service-role only when needed.

Manager

Same write surface as Admin, except cannot manage other console users.

Advisor

Read everything; trigger pipeline runs; can override agent outputs; cannot delete.

Support

Read-only across the whole console. No mutation paths.

Every run, recorded

Token-level audit trail.

Every agent call records tokens in, tokens out, USD cost, model version, and the input/output payloads. Every human override records the user, the timestamp, and the values before and after.

What gets recorded for every pipeline run, automatically:

  • Pipeline run ID and trigger reason
  • Each step's agent name, model, temperature, and parameters
  • Per-step token usage and cost
  • Reviewer rounds and feedback
  • Human overrides — old value, new value, who, when

In transit and at rest

Standard, but worth saying.

TLS 1.2+ for everything customer-facing. Postgres uses AES-256 at rest (managed by the underlying Supabase / disk layer).

Secrets — Supabase service keys, Gemini API keys, Gmail OAuth tokens — live in environment files outside the repository, with restricted file permissions on the host.

What we send out

Three external services. No model training.

Supabase

Stores your tenant data and runs Postgres + auth. Singapore-region hosted.

What we send

All customer data.

Google Gemini

Powers the agent reasoning. Gemini 3 Pro.

What we send

We send only the relevant ledger / document context for the current agent step. Google does not train on this data — we use the Gemini API under the no-training data-processing terms.

Gmail API

Sends transactional notifications (lead-form, user invites, password reset).

What we send

Outbound notification email only. No customer financial data.

Operations

How we keep it secure over time.

We treat security as ongoing operational work, not a launch checklist. Three things we run on an annual or per-change basis:

  • We commission external security testing on a recurring basis.
  • Vulnerability scanning on every dependency update.
  • Incident response: customer-impacting incidents disclosed within 72 hours under Singapore PDPC guidelines.

Need a security questionnaire filled out?