Data Security at RoostPay
Last Updated: April 25, 2026
At RoostPay, we process sensitive financial and personal information, from banking details to official tax forms. We recognize that securing your data is the most critical part of our infrastructure. This page outlines the enterprise-grade security protocols, encryption standards, and access controls we use to keep your domestic payroll data safe.
1. Our Secure Infrastructure
RoostPay is built on Supabase, a trusted, enterprise-grade database and authentication platform. By leveraging this infrastructure, we ensure that your data is protected by the same modern security standards used by global financial and healthcare applications.
2. Bank-Level Encryption
We utilize state-of-the-art encryption protocols to ensure that your data is unreadable to unauthorized parties, whether it is sitting in our database or moving across the internet.
- Encryption in Transit: All communications between your device (mobile app or web browser) and our servers are encrypted using TLS 1.2+ (Transport Layer Security). This prevents interception of your data over the network.
- Encryption at Rest: All user data, including database records and stored files, is automatically encrypted at rest using AES-256 encryption, the industry standard for securing highly sensitive information.
3. Secure Vaults for Highly Sensitive Data
For your most critical information, such as Social Insurance Numbers (SINs) and bank account details, whole-database encryption at rest is not enough on its own: anyone who can query the database can read those columns.
- We utilize Supabase Vault and Transparent Column Encryption.
- Highly sensitive fields are individually encrypted with dedicated cryptographic keys before they are written, and those keys are managed outside the database rather than stored beside the data. Even in the highly unlikely event of a database breach, an attacker holding a copy of the database sees only ciphertext for these fields.
4. Document Storage & Protection
RoostPay securely generates, processes, and stores official employment and tax documents, including:
- Bi-weekly or monthly Paystubs
- TD1 Forms (Personal Tax Credits Return)
- T4 Forms (Statement of Remuneration Paid)
These documents are not stored on public servers. They are held in secure, private storage buckets that cannot be listed or read anonymously. Document retrieval requires a short-lived, signed access token: a download link is issued only to the specific employer or employee the document belongs to, at the moment they request it, and it expires after a set time.
5. Strict Access Controls (Row Level Security)
We employ Row Level Security (RLS) across our entire database. This is a strict architectural safeguard ensuring that users can only interact with their own data.
- For Employers: You can only view the payroll records, schedules, and documents of your specific household and authorized employees.
- For Employees: You can only view your personal paystubs, logged hours, and tax documents.
- Because RLS policies are evaluated by the database itself on every query, they apply regardless of which application code path issued the query. A bug in the application cannot by itself expose another account's rows; the database enforces the boundary at the row level.
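As an added illustration, and not RoostPay's own schema or code, the following SQL sketches how the three controls from sections 3, 4 and 5 fit together on Supabase: Row Level Security policies for employers and employees, the same policies extended to the private storage bucket, and a Vault-backed column for the SIN. Table and column names (households, employees, paystubs, storage_path, sin_secret_id) and the bucket name "documents" are assumptions; `auth.uid()`, `storage.objects` and the `vault` schema are Supabase-provided.

```sql
-- Added example (not RoostPay's schema or code). Names are assumptions.
-- auth.uid() returns the caller's user id from the session JWT.

create table public.households (
  id          uuid primary key default gen_random_uuid(),
  employer_id uuid not null references auth.users (id)
);

create table public.employees (
  id            uuid primary key default gen_random_uuid(),
  household_id  uuid not null references public.households (id),
  user_id       uuid references auth.users (id),  -- null until the employee signs up
  sin_secret_id uuid                              -- reference into Vault, never the SIN itself
);

create table public.paystubs (
  id           uuid primary key default gen_random_uuid(),
  employee_id  uuid not null references public.employees (id),
  period_end   date not null,
  storage_path text not null                      -- object name in the private "documents" bucket
);

-- 1. Row Level Security. Once enabled the default is deny; policies only ever grant.
alter table public.households enable row level security;
alter table public.employees  enable row level security;
alter table public.paystubs   enable row level security;

-- Employer: rows belonging to their own household.
create policy employer_household on public.households
  for select using (employer_id = auth.uid());
create policy employer_employees on public.employees
  for select using (exists (
    select 1 from public.households h
     where h.id = employees.household_id and h.employer_id = auth.uid()));
create policy employer_paystubs on public.paystubs
  for select using (exists (
    select 1 from public.employees e join public.households h on h.id = e.household_id
     where e.id = paystubs.employee_id and h.employer_id = auth.uid()));

-- Employee: only their own rows.
create policy employee_self on public.employees
  for select using (user_id = auth.uid());
create policy employee_paystubs on public.paystubs
  for select using (exists (
    select 1 from public.employees e
     where e.id = paystubs.employee_id and e.user_id = auth.uid()));

-- 2. Private documents. storage.objects is itself an RLS-protected table, and a
-- policy's subquery runs under the caller's own RLS, so an object in the bucket is
-- readable (and a signed URL for it can be minted) only by a user whom the paystubs
-- policies above already admit to the matching row.
create policy documents_via_paystub on storage.objects
  for select using (
    bucket_id = 'documents'
    and exists (select 1 from public.paystubs p where p.storage_path = storage.objects.name));

-- 3. Vault for the SIN. The plaintext never lands in employees; it is written with
-- vault.create_secret and read back only through vault.decrypted_secrets, which
-- application roles should not be granted. Access is wrapped in SECURITY DEFINER
-- functions; definer functions bypass RLS, so the ownership check is repeated here.
create or replace function public.set_employee_sin(p_employee uuid, p_sin text)
returns void language sql security definer set search_path = '' as $$
  update public.employees
     set sin_secret_id = vault.create_secret(p_sin, 'sin:' || p_employee::text, 'Employee SIN')
   where id = p_employee
     and exists (select 1 from public.households h
                  where h.id = employees.household_id and h.employer_id = auth.uid());
$$;

-- Return only the last three digits: enough for an employee or employer to confirm
-- which SIN is on file, without the full value leaving the database.
create or replace function public.employee_sin_last3(p_employee uuid)
returns text language sql security definer set search_path = '' as $$
  select right(s.decrypted_secret, 3)
    from public.employees e
    join vault.decrypted_secrets s on s.id = e.sin_secret_id
   where e.id = p_employee
     and (e.user_id = auth.uid()
          or exists (select 1 from public.households h
                      where h.id = e.household_id and h.employer_id = auth.uid()));
$$;

revoke all on function public.set_employee_sin(uuid, text) from public;
revoke all on function public.employee_sin_last3(uuid) from public;
grant execute on function public.set_employee_sin(uuid, text) to authenticated;
grant execute on function public.employee_sin_last3(uuid) to authenticated;
```

To check a policy from psql as the database owner, impersonate a user inside a transaction and confirm that rows from another household are invisible: `begin; set local role authenticated; set local request.jwt.claims = '{"sub":"<user uuid>"}'; select count(*) from public.paystubs; rollback;` (Supabase's `auth.uid()` reads the `sub` claim from that setting). The count should cover only that user's own household. The SIN functions deliberately never return the full value; a full read, if one is ever needed, belongs in a separately audited path rather than in a function granted to every authenticated user.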
6. Continuous Monitoring and Compliance
- PIPEDA Alignment: Our security practices are designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), ensuring your data is handled with the highest level of privacy and care.
- Authentication: User sessions are managed with industry-standard JSON Web Tokens (JWT) that carry an expiry, so an idle session cannot be reused indefinitely and every request is tied to the identity the database's access controls check against.
- Resilience: Our databases feature continuous backups and Point-in-Time Recovery, ensuring that your payroll records are protected against accidental deletion or system failures.
Have questions about our security practices? If you are an employer or employee with specific questions about how your data is handled, please use our contact form.