Security at specimenOS
We take the security of your cultivation data seriously. Here's how we protect your operation.
Our approach
Security built into every layer
From database isolation to payment processing, security is a foundational requirement — not an afterthought.
Data Isolation
Row-level security (RLS) on every database table. Each workspace’s data is completely isolated. No cross-tenant data access is possible.
Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.2+). Database connections secured via SSL.
Authentication
Secure authentication via Supabase Auth. Password hashing with bcrypt. Optional PIN auth for shared workstations. Session management with secure, HTTP-only cookies.
Access Control
Role-based permissions with 23 granular permission flags. Three roles: Director, Supervisor, Grower. Least-privilege principle enforced at every layer.
Audit Trail
Append-only audit logging of all significant actions. Who did what, when, and from which module. Tamper-resistant by design.
Secure Payments
All payment processing handled by Stripe, a PCI-DSS Level 1 certified provider. We never store credit card numbers.
Infrastructure
Built on trusted providers
specimenOS runs on industry-leading infrastructure. Each provider maintains their own security certifications and compliance programs.
Database
Supabase (PostgreSQL)
Managed database with automated backups, point-in-time recovery, and connection pooling via PgBouncer.
Hosting
Vercel
Global edge network with built-in DDoS protection, automatic HTTPS, and isolated serverless functions.
Email
Resend
Transactional email with SPF, DKIM, and DMARC authentication to prevent spoofing and phishing.
Data ownership
Your data belongs to you
We believe you should always have full control over your cultivation data.
- Export anytime. Download your data whenever you need it. No lock-in, no export fees.
- We never sell your data. Your cultivation records, protocols, and operational data are yours alone. We do not sell, share, or monetize your data in any way.
- 30-day retention after cancellation. If you cancel your subscription, your data is preserved for 30 days so you can export it or reactivate. After 30 days, all data is permanently deleted.
- For full details, see our Privacy Policy.
Responsible disclosure
Found a vulnerability?
We appreciate the work of security researchers and the broader community in helping keep specimenOS safe.
If you discover a security vulnerability in specimenOS, please report it to security@specimenos.com. We take all reports seriously and will investigate promptly.
Please do not publicly disclose any vulnerability until we have had a reasonable amount of time to investigate and address it. We will acknowledge your report within 48 hours and keep you informed of our progress.
Contact
Questions or concerns?
Our team is here to help with any security or privacy questions.