Security and privacy, built in
Your data is protected at every layer of Mapster, with encryption, certified infrastructure, and transparent data practices.
Documentation
Encrypted in transit and at rest
Your data is protected whether it is moving between your browser and our servers, or sitting in our database.
Encrypted in transit
All traffic is encrypted with HTTPS (TLS 1.2 or higher).
Encrypted at rest
Data is encrypted at rest in our Supabase PostgreSQL database (AES-256).
Managed backups
The database is fully managed, with automated backups.
Secure authentication
Sign-in is handled by Clerk, a dedicated identity provider that is SOC 2 Type II certified.
We never store your password
Clerk manages credentials and password hashing. Mapster never sees or stores your password.
Secure sessions
Sessions use secure, httpOnly cookies with short-lived tokens.
Social sign-in and MFA
Social sign-in and multi-factor authentication are supported through Clerk.
Payments handled by Stripe
We never see or store your card details. All billing runs through Stripe, which is PCI DSS Level 1 certified.
No card data on our servers
We store only a Stripe customer reference, never card numbers, CVVs, or payment tokens.
Verified webhooks
Payment webhooks are cryptographically verified before they are trusted.
Built on certified infrastructure
Mapster is built on SOC 2 Type II certified infrastructure: Vercel, Supabase, Stripe, and Clerk. These are the same platforms used by large enterprises to run critical workloads.
The app is hosted on Vercel's global edge network with built-in DDoS protection, automatic HTTPS, and security patching at the infrastructure layer.
Who touches your data
We work with a small set of trusted providers, each for a specific purpose.
| Provider | Purpose |
|---|---|
| Vercel | Hosting and content delivery |
| Supabase | Database hosting |
| Clerk | Authentication and account management |
| Stripe | Payment processing (no card data stored by us) |
| Mapbox | Maps and location rendering |
| Resend | Transactional email |
| PostHog | Product analytics |
Questions about security? Contact us. You can also read our privacy policy.