Security

Built for campaigns that handle voice, place, rewards, and identity.

YRQR treats security as part of campaign integrity. The platform is designed around scoped access, signed scan flows, controlled storage, auditability, and participant erasure from the start.

Authentication and access

Operator, admin, and participant surfaces are separated by role and tenant.
Supabase Auth supports anonymous-first participation and account upgrade where a participant chooses it.
Database row-level security is used as a primary authorisation control, not just an application convention.

Signed campaign interactions

Sticker and QR payloads are HMAC-signed so campaign scans can be verified before they create activity.
Campaign stages, sticker formats, registrations, and scan records are tracked to preserve context.
Location verification can be required for campaign types where physical presence matters.

Storage and processing

Media is kept in scoped storage buckets with server-side controls and signed access patterns.
Voice, text, photo, and video submissions are processed into structured outputs with quality flags and traceability.
Background processing is designed to preserve status, error context, and retry visibility.

Operations and accountability

Admin and operator actions that matter are logged for audit and troubleshooting.
Participant erasure workflows are part of the data model rather than an afterthought.
Production deployments are expected to use environment-managed secrets, monitoring, backups, and incident review.

Current status

YRQR is pre-launch. This page describes the intended platform security posture for early access and launch conversations. Formal certifications, penetration-test reports, or customer security attestations will only be published once they exist.

Discuss security requirements