Firewater is a cloud-hosted application for licensed retailers. This policy describes data protection and abuse prevention, including AI rate limiting.
Each store has a unique store ID. Supabase Row Level Security ensures:
store_id claim.inventory, count_history, hub_data).Tables store_api_keys, app_secrets, and ai_rate_limits are not accessible from the browser.
The ask-assistant edge function enforces limits to prevent abuse and control LLM cost.
| Edge secret | Default | Scope |
|---|---|---|
AI_RATE_BURST_PER_MIN | 3 | Per IP, per minute |
AI_RATE_SOMMELIER_HOUR | 12 | Sommelier, per IP, per hour |
AI_RATE_INVENTORY_HOUR | 8 | Inventory AI, per IP, per hour |
AI_RATE_STORE_HOUR | 12 | All AI, per store, per hour |
AI_RATE_STORE_DAY | 40 | All AI, per store, per day |
AI_RATE_IP_DAY | 30 | Per IP per mode, per day |
Configure in Supabase Dashboard → Edge Functions → ask-assistant → Secrets.
When a limit is exceeded:
Retry-After: <seconds>retryAfter and a user-facing error message{
"ok": false,
"error": "Rate limit exceeded. Try again in 42 seconds.",
"retryAfter": 42
}
The Firewater app surfaces this message so users know when to retry.
Contact [security@YOURDOMAIN.com] to report vulnerabilities.