Security
Park Entra is built with security at every layer. Here’s how we protect your community’s data.
Tenant Isolation
Every property on Park Entra operates in a completely isolated environment. Row-level security (RLS) policies are enforced at the database level, ensuring that one community’s residents, vehicles, enforcement records, and financial data are never accessible to another community. Isolation is not a feature toggle — it is an architectural guarantee embedded in every query.
Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption on our database infrastructure. Payment information is handled exclusively by Stripe, a PCI DSS Level 1 certified processor — we never store, process, or have access to full payment card numbers.
Authentication & Access Control
Park Entra uses Supabase Auth for secure authentication with bcrypt-hashed passwords and secure session management. Role-based access control (RBAC) ensures that each user — whether an administrator, enforcer, manager, or resident — only has access to the data and functionality appropriate for their role. API routes validate both authentication and authorization on every request.
Infrastructure
Our application is hosted on Vercel’s edge network with automatic DDoS protection and global CDN distribution. Our database is hosted on Supabase’s managed infrastructure, which runs on Amazon Web Services (AWS) with automated backups, point-in-time recovery, and high availability. The platform is built and maintained by our team in Irvine, California.
Audit Logging
Every significant action on the platform is recorded in an immutable audit log. Vehicle registrations, enforcement actions, payment transactions, staff changes, and configuration updates are all timestamped and attributed to the acting user. Administrators can review the complete audit trail for their property at any time.
Application Security
Park Entra enforces strict security headers including HSTS (HTTP Strict Transport Security), X-Frame-Options, X-Content-Type-Options, a restrictive Referrer-Policy, and a locked-down Permissions-Policy. All user inputs are validated and sanitized to protect against injection attacks and cross-site scripting (XSS). We follow OWASP best practices in our development lifecycle.
Responsible Disclosure
If you discover a security vulnerability in Park Entra, we ask that you report it responsibly. Please email support@parkentra.com with details of the vulnerability. Do not publicly disclose the issue until we have had an opportunity to investigate and address it. We appreciate the security research community and are committed to working with researchers to keep Park Entra safe.
Questions about our security practices? Contact us at support@parkentra.com