Data protection
API traffic uses HTTPS. Data stores rely on provider-managed encryption at rest. Private event details and precise-location records are limited by product scope and retention rules.
Proxxi is built for nearby events, people, and city signal. The security model starts with privacy-first product design, then layers in access controls, monitoring, retention limits, and honest compliance language.
API traffic uses HTTPS. Data stores rely on provider-managed encryption at rest. Private event details and precise-location records are limited by product scope and retention rules.
Supabase authentication, row-level security, server-side RPC boundaries, and least-privilege operational access reduce exposure of account and location data.
Crash, funnel, and operations telemetry are used to detect errors and quality issues. Sensitive fields such as exact coordinates, message bodies, and source URLs are redacted where practical.
Mobile purchases are staged through app-store billing and RevenueCat. Proxxi does not store card numbers in the mobile app.
Safety verification is handled by Persona when enabled. Proxxi receives verification status, not ID photos.
Security reports are investigated, contained, documented, and escalated for user or regulator notification when required by applicable law.
Proxxi uses service providers for infrastructure, authentication, analytics, diagnostics, identity verification, billing, push notifications, AI features, and public event source ingestion.
No completed SOC 2 report is claimed at this time. Proxxi maintains a readiness plan and evidence checklist for future SOC 2 work.
No ISO 27001 certificate is claimed at this time. Proxxi is organizing security management practices so a future certification project has a cleaner starting point.
No. Proxxi's current scope is consumer and partner event discovery, proximity networking, messaging, and city intelligence. Regulated healthcare workflows would need a separate legal and security review before launch.