Legal Privacy Terms Security
Draft — attorney review required

Security Policy

Effective: [DATE] · Last updated: [DATE]
[COMPANY LEGAL NAME]

1. Overview

Firewater is a cloud-hosted application for licensed retailers. This policy describes data protection and abuse prevention, including AI rate limiting.

2. Data isolation (RLS)

Each store has a unique store ID. Supabase Row Level Security ensures:

  • The public anon key cannot access tenant data directly.
  • The app exchanges a store access key for a short-lived JWT (24h) with a store_id claim.
  • Database policies allow access only to that store’s rows (inventory, count_history, hub_data).

Tables store_api_keys, app_secrets, and ai_rate_limits are not accessible from the browser.

3. AI rate limiting

The ask-assistant edge function enforces limits to prevent abuse and control LLM cost.

Default limits

Edge secretDefaultScope
AI_RATE_BURST_PER_MIN3Per IP, per minute
AI_RATE_SOMMELIER_HOUR12Sommelier, per IP, per hour
AI_RATE_INVENTORY_HOUR8Inventory AI, per IP, per hour
AI_RATE_STORE_HOUR12All AI, per store, per hour
AI_RATE_STORE_DAY40All AI, per store, per day
AI_RATE_IP_DAY30Per IP per mode, per day

Configure in Supabase Dashboard → Edge Functions → ask-assistant → Secrets.

429 response

When a limit is exceeded:

  • HTTP status 429 Too Many Requests
  • Header Retry-After: <seconds>
  • JSON body includes retryAfter and a user-facing error message
{
  "ok": false,
  "error": "Rate limit exceeded. Try again in 42 seconds.",
  "retryAfter": 42
}

The Firewater app surfaces this message so users know when to retry.

4. Other controls

  • HTTPS for all traffic
  • LLM and Twilio keys server-side only
  • Inventory AI: manager/owner only; Sommelier: signed-in staff
  • Prompt max length: 4,000 characters

5. Reporting issues

Contact [security@YOURDOMAIN.com] to report vulnerabilities.

← All legal documents · Back to app