Quiet vault

Data and privacy drill

Final verification of Supabase production data: migrations, RLS, storage, account history, deletion request, support access, and private fields.

Data should help return a scroll to its owner, not become an extra mirror of someone's private life.

Apply and verify migrations

The production database must have the current schema, indexes, RLS policies, and audit-friendly fields.

  • Migrations applied.
  • RLS enabled.
  • Storage policies checked.

Check user boundaries

A user must see only their own history, favorites, journal, purchased scrolls, and preferences.

  • Account isolation.
  • Sharing without the question.
  • No admin data leak.

Check deletion/recovery

Deletion and access recovery must be documented and must not break support.

  • Deletion request path.
  • Recovery path.
  • Support access limited.

checklist

What to check

  • RLS policies verified.
  • No cross-account visibility.
  • Private questions do not appear in public cards.
  • Deletion request path documented.
  • Support can help without excessive data exposure.

red flags

When to stop

  • A user can see another user's reading.
  • Share card exposes full question.
  • Service role used in browser.
  • Deletion process is unclear.
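
One way to check for the "Service role used in browser" red flag is to scan the built client bundle for JWT-shaped strings and decode their payloads. This is an added example, not code from the project; it assumes the legacy Supabase API key format (a JWT whose payload carries a `role` claim), and the function names and sample keys are constructed for illustration.

```javascript
// Added example: flag service-role credentials in text that ships to browsers.
// Assumption: legacy Supabase API keys are JWTs with a "role" claim in the payload.
const JWT_RE = /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g;

// Decode one base64url JWT segment; return null for look-alike strings.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch {
    return null;
  }
}

// Return one finding per embedded token whose role claim is "service_role".
// The key itself is never echoed, only where it was found.
function findServiceRoleKeys(bundleText) {
  const findings = [];
  for (const match of bundleText.matchAll(JWT_RE)) {
    const payload = decodeSegment(match[0].split(".")[1]);
    if (payload && payload.role === "service_role") {
      const line = bundleText.slice(0, match.index).split("\n").length;
      findings.push({ line, offset: match.index, role: payload.role });
    }
  }
  return findings;
}

// Hypothetical helper: builds unsigned, constructed sample keys for the demo.
function makeSampleKey(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}

// Constructed bundle: an anon key (expected in the client) and a service-role key.
const sampleBundle = [
  "// constructed sample bundle",
  `const pub = "${makeSampleKey({ iss: "supabase", role: "anon" })}";`,
  `const bad = "${makeSampleKey({ iss: "supabase", role: "service_role" })}";`,
].join("\n");

console.log(findServiceRoleKeys(sampleBundle));
```

Any finding is a stop condition: rotate the key and move the call that needed it to server-side code.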

done when

Definition of done

  • Production schema and RLS checked.
  • Privacy flows documented.
  • Support path respects minimal disclosure.
