Lodge Connect

Security

Last updated: February 2026

We take the security of your data seriously. Lodge Connect is built with multiple layers of security to protect your personal information and ensure the integrity of lodge data. This page provides an overview of our technical security measures.

Infrastructure

Lodge Connect is hosted on Vercel in the London, UK region, ensuring low latency for UK-based users. Our database is hosted on Supabase PostgreSQL in the London (eu-west-2) region. All data is stored within the UK and the European Union, in compliance with UK data protection requirements.

Both Vercel and Supabase maintain SOC 2 Type II compliance and provide enterprise-grade infrastructure with automatic failover, backups, and monitoring.

Encryption in Transit

All connections to Lodge Connect are encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol. HTTP Strict Transport Security (HSTS) is enforced, ensuring that browsers always connect over HTTPS. All API calls between the application and the database are similarly encrypted.

Encryption at Rest

The database is encrypted at rest with AES-256 encryption, provided by the Supabase infrastructure. This means your data remains encrypted on disk even if the physical storage medium were to be compromised. Database backups are also encrypted.

Authentication

User authentication is handled by Supabase Auth, which provides secure email/password and magic link authentication. Sessions are managed using httpOnly cookies with the following security properties:

  • httpOnly: Session cookies cannot be accessed by JavaScript, protecting against cross-site scripting (XSS) attacks
  • Secure: Cookies are only transmitted over HTTPS connections
  • SameSite Strict: Cookies are not sent with cross-site requests, protecting against cross-site request forgery (CSRF)
  • 7-day expiry: Sessions automatically expire after 7 days, requiring re-authentication

Authorization

Lodge Connect uses a multi-layered authorization model:

  • Role-based access control: Every user action is checked against a permission-based system. Permissions are granted based on roles (member, secretary, treasurer, director of ceremonies) and are scoped to specific lodges
  • Row Level Security (RLS): Every database table has Row Level Security policies enabled, providing a database-level safety net that enforces access control even if application code has a bug
  • Server-side enforcement: All permission checks happen on the server. Client-side UI elements are hidden for convenience, but the server is the authoritative source for all access decisions

Payment Security

Card payments are handled entirely by Stripe, which is PCI DSS Level 1 certified — the highest level of security certification in the payment card industry. Lodge Connect never stores, processes, or has access to your full card number, expiry date, or CVV.

Card details are entered directly into Stripe's secure embedded payment form (Stripe Elements), which communicates directly with Stripe's servers. Payment confirmations are received via authenticated webhooks with HMAC-SHA256 signature verification.

Security Headers

Lodge Connect sends the following security headers with every response to protect against common web vulnerabilities:

  • Content-Security-Policy: Restricts the sources from which scripts, styles, and other resources can be loaded, with nonce-based script allowlisting
  • X-Frame-Options: DENY: Prevents the site from being embedded in iframes, protecting against clickjacking attacks
  • X-Content-Type-Options: nosniff: Prevents browsers from MIME-type sniffing responses
  • Strict-Transport-Security: Enforces HTTPS for all future requests
  • Referrer-Policy: strict-origin-when-cross-origin: Controls what referrer information is sent with requests
  • Permissions-Policy: Restricts access to browser features such as camera, microphone, and geolocation

Audit Trail

All significant actions on the Platform are logged in an immutable, append-only audit trail. This includes bookings, payments, document access, role changes, and administrative actions. Audit logs record the actor, the action, the affected resource, and a timestamp, ensuring full accountability and traceability.

Audit logs are retained for 7 years and cannot be modified or deleted.

Data Protection

Lodge Connect processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We provide:

  • Data export from your account settings (right of access and portability)
  • Account deletion with immediate PII scrubbing (right to erasure)
  • Profile editing for keeping your information accurate (right to rectification)
  • Minimal data collection (data minimisation principle)

For full details, please see our Privacy Policy.

Responsible Disclosure

If you believe you have discovered a security vulnerability in Lodge Connect, we encourage you to report it responsibly. Please contact us at security@lodgeconnect.co.uk or through our contact form (select “Technical Issue” as the subject).

Please do not publicly disclose any vulnerability until we have had a reasonable opportunity to investigate and address it. We appreciate your help in keeping Lodge Connect secure for all users.