Security at Radar House
Talent managers run their business on lists, contacts, and competitive intel. Losing that data is not an option. Here is how we protect it.
Encryption in transit and at rest
All traffic between your browser and our servers uses TLS 1.2+. Database content is encrypted at rest by our infrastructure provider.
Hardened infrastructure
We run on Vercel (application) and Supabase (database). Both providers are SOC 2 Type II audited and operate in physically-secured US data centers.
Least-privilege access
Production access is limited to named engineers, gated by SSO with hardware-key 2FA. Database service-role keys are scoped to specific webhook handlers and never exposed client-side.
Row-level security
Every customer-facing table is protected by Postgres row-level security policies. A user can only read or write their own profile, lists, saved searches, and usage events — enforced at the database layer, not just the app layer.
No card data on our servers
Whop handles all payment processing. We store only your Whop membership ID and subscription tier — never card numbers, CVCs, or bank details.
Responsible disclosure
Found a vulnerability? Email security@radarhouse.app with details and a proof of concept. We respond within 48 hours and will not pursue legal action against good-faith researchers.
Compliance roadmap
We are a young company and we are honest about it. Today we inherit the SOC 2 Type II certifications of our infrastructure providers. We plan to pursue our own SOC 2 Type II in our first year of operation. If you need specific compliance documentation before signing on, email hello@radarhouse.app.