Security designed for auditable commerce scoring.

Scan results, audit artifacts, and fix recommendations are stored in Supabase and encrypted at rest with AES-256-GCM. The same storage commitment is published in the UCPScore pricing FAQ.

Service credentials are used server-side for privileged operations. Public browser flows do not receive service-role credentials.

The dashboard middleware protects every /admin/* page and every /api/admin/* endpoint behind an authenticated operator session. If the admin session secret is missing, the middleware fails closed.

The only unauthenticated carve-outs are the login surface and the published-content read used by public pages. Unauthorized admin API requests return a 401 response; unauthorized admin page requests redirect to login.

Scan and benchmark records are keyed by store, scan, and account identifiers so public benchmark data, private customer scans, and operator-only administrative views can be handled through separate routes and repository methods.

Public pages expose published content and public report views. Admin operations are routed through operator-gated server code, not direct client-side table access.

UCPScore scores are designed to be reproducible from the scan evidence, rubric version, and score breakdown. The public benchmark and report posture depends on a SHA-pinned rubric and receipt-grade audit artifacts, not unverifiable marketing claims.

This is the core security posture for trust claims: a score should be traceable back to the code path, evidence, and rubric that produced it.

If you believe you have found a security issue, email hello@ucpscore.ai with the subject line "Security disclosure". Include the affected URL, reproduction steps, impact, and any relevant screenshots or request IDs.

Please do not access, modify, delete, or exfiltrate data that is not yours. UCPScore will acknowledge actionable reports and coordinate remediation based on severity.