Start Free

Security

How we protect your data

Last updated May 2026

Security is part of the product. Coaches, clubs, and players trust us with their plans, line-outs, fitness numbers, and team rosters. Here is how we keep that information safe.

Encryption

  • Every page is served over HTTPS using TLS 1.2 or above. Your browser will not connect over plain HTTP.
  • Data in our database is encrypted at rest. Backups are encrypted before they leave the database server.
  • Passwords are hashed with bcrypt. We never see, log, or store your plain-text password.

Authentication

  • Sign-in is handled by Supabase Auth, an industry-standard provider. We support email plus password and OAuth providers.
  • Two-factor authentication (TOTP) is available for every account. Coaches and admins can enrol from the security page inside their account.
  • Session tokens are short-lived and rotated automatically. Suspicious sign-ins trigger an email alert.

Payments

We use Stripe to process every payment. Card numbers, CVCs, and billing addresses go directly from your browser to Stripe, with no card data ever touching our servers. Stripe is PCI DSS Level 1 certified, the highest tier.

Access controls

  • Production access is restricted to a small named list of engineers, secured by two-factor authentication.
  • Every database query is logged. We review access logs on a regular cadence.
  • Within a team or club, you control who sees what. Owners can add and remove members from the portal at any time.

Hosting and infrastructure

The platform runs on Vercel and Supabase, both SOC 2 Type II certified. Data is hosted in modern, hardened data centres with 24/7 monitoring, redundant power, and physical access controls.

Vulnerability disclosure

Found something? We’d rather hear it from you than from a bad actor. Email support@eliterugbyapp.com with the details and steps to reproduce. We will respond within two business days and keep you posted as we work on a fix. We do not take legal action against good-faith researchers who follow this process.

Incident response

If a security incident affects your data, we will notify you without undue delay, explain what happened, what we know, and what we are doing about it.

Security or compliance questions?

Email support@eliterugbyapp.com.