Security & Compliance

Security Overview

Last updated: 12/14/2025

This Security Overview describes the administrative, technical, and physical safeguards used to protect Follow Through. Beer Tech Studios LLC continues to improve and enhance these controls over time.

1. Overview

Follow Through is a workflow and productivity tool designed for financial professionals. The platform prioritizes privacy, access control, and the protection of advisor-entered prospect and client information.

While Follow Through is not a recordkeeping system or custodian, it uses strong modern security practices to safeguard the data it stores.

2. Data Storage & Hosting

Follow Through is hosted on Supabase, a PostgreSQL-backed platform-as-a-service. Supabase provides:

  • Fully managed Postgres database
  • Encrypted storage and transport (TLS)
  • Role-Based Access Control (RBAC)
  • Row-Level Security (RLS) policies
  • Automatic key rotation and access logs

All application data, including leads, follow-ups, emails, and advisor settings, resides in a Supabase Postgres instance with strict RLS rules ensuring that each advisor can access only their own data.

3. Authentication & Account Security

Authentication is provided via Supabase Auth with support for industry-standard security features:

  • Secure password storage using bcrypt
  • Email-based login & password reset flows
  • JWT-based session management
  • Automatic session refresh and expiration

4. Access Controls & Data Isolation

Follow Through uses row-level security (RLS) to ensure each advisor can access only their own data. All core tables implement restrictive policies, including:

  • leads
  • followups
  • emails
  • followup_preferences
  • advisor_profiles

Each query checks auth.uid() at the database layer, not only in the front end, so a request that bypasses or tampers with the front end still cannot reach another advisor's rows.
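As an added illustration of the per-advisor isolation pattern described above (not Follow Through's own schema or policies), the following SQL shows what a restrictive RLS setup on the leads table looks like in Supabase's Postgres dialect. The column names (advisor_id, name, notes, created_at), the policy names, and the use of gen_random_uuid() are assumptions made for this example; only the table name leads and the auth.uid() check come from the page.

```sql
-- Added example of per-advisor row-level security (RLS) in Supabase Postgres.
-- Not Follow Through's real schema: advisor_id, the other columns and the
-- policy names are assumptions chosen to illustrate the auth.uid() pattern.

create table if not exists public.leads (
  id          uuid primary key default gen_random_uuid(),
  -- Owner of the row. Defaulting to auth.uid() means an authenticated insert
  -- is stamped with the caller's identity even if the client omits it.
  advisor_id  uuid not null default auth.uid() references auth.users (id) on delete cascade,
  name        text not null,
  notes       text,
  created_at  timestamptz not null default now()
);

-- Without this statement the policies below are never consulted and every
-- role that can reach the table sees every row.
alter table public.leads enable row level security;

-- Read: an advisor sees only rows whose advisor_id matches their JWT subject.
create policy "leads: advisors read own rows"
  on public.leads
  for select
  to authenticated
  using (auth.uid() = advisor_id);

-- Insert: the new row must carry the caller's own uid, so a crafted request
-- cannot create a lead that belongs to a different advisor.
create policy "leads: advisors insert own rows"
  on public.leads
  for insert
  to authenticated
  with check (auth.uid() = advisor_id);

-- Update: the existing row (USING) and the proposed new row (WITH CHECK) must
-- both belong to the caller, which blocks re-assigning a lead to someone else.
create policy "leads: advisors update own rows"
  on public.leads
  for update
  to authenticated
  using (auth.uid() = advisor_id)
  with check (auth.uid() = advisor_id);

-- Delete: same ownership test.
create policy "leads: advisors delete own rows"
  on public.leads
  for delete
  to authenticated
  using (auth.uid() = advisor_id);

-- Verification query: rowsecurity must read true for every table that holds
-- advisor data. A table that returns false here is exposed to any role with
-- table-level privileges, regardless of how many policies exist.
select schemaname, tablename, rowsecurity
  from pg_tables
 where schemaname = 'public'
   and tablename in ('leads', 'followups', 'emails', 'followup_preferences', 'advisor_profiles');
```

Two points worth checking in any deployment of this pattern: no policy is granted to the anon role, so an unauthenticated request returns zero rows rather than an error, and a missing-data symptom in the client usually means a policy gap rather than a bug. Separately, the Supabase service_role key bypasses RLS entirely, so it must stay on the server side and never be embedded in a browser or mobile client.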

5. Encryption

All data is encrypted in transit and at rest:

  • In-transit: TLS 1.2 or later protects data between the client and the servers.
  • At-rest: Supabase uses AES-256 or equivalent encryption for stored data.

6. AI Privacy Controls

Follow Through uses optional AI features (such as email drafting). These features follow strict privacy requirements:

  • No client names or PII are ever sent to AI providers
  • Prompts use placeholders such as [Client]
  • Advisor contact details are swapped in locally, after the AI response is returned
  • Advisors must review and approve each draft before sending

The app maintains a strict “zero PII to AI” policy.

7. Data Minimization & Best Practices

Follow Through is designed so advisors do not enter, store, or manage sensitive financial information. The platform:

  • Does not store account numbers, balances, or financial statements
  • Encourages advisors to limit stored data to high-level context only
  • Uses tags, notes, and metadata—not financial PII—to power features

8. Audit Logging

Supabase provides detailed logs for database queries, auth events, and API activity, which enables monitoring and forensic traceability for compliance teams.

9. Incident Response

Beer Tech Studios LLC maintains internal procedures for responding to:

  • Security alerts
  • System outages
  • Unauthorized access attempts
  • Data integrity issues

Advisors will be notified if their data is affected by any significant incident.

10. Advisor Responsibilities

Advisors are responsible for:

  • Securing their devices and passwords
  • Following their firm’s internal compliance rules
  • Ensuring stored information does not contain prohibited or sensitive data

11. Ongoing Security Improvements

Beer Tech Studios LLC is actively improving security controls, testing, and monitoring. As new features are introduced, this document will be updated to reflect those changes.

12. Contact

For questions about security practices, please contact:

Beer Tech Studios LLC
Email: [insert security/support email]