How we keep your tracked documents and your viewers' data safe. Written in plain language. No marketing fluff.
Every layer that stops a confidential PDF from leaking.
Passwords are bcrypt-hashed in Postgres (12 rounds). Verification happens server-side via a SECURITY DEFINER RPC. A wrong password returns 401 before any PDF byte is served, so the check cannot be bypassed from DevTools.
The PDF bucket is private. The viewer mints a 10-minute signed URL via an edge function only after password + link-validity checks. No long-lived public URLs.
Set an expiration date per link. After that point the link returns 410 and refuses to mint any URL. You can also revoke a link instantly from the dashboard.
Viewer email + timestamp burned into each PDF page as a CSS overlay. Discourages forwarding and traces leaks back to the source.
Hide the download button, disable right-click and Cmd+S/Cmd+P shortcuts in the viewer. Stops casual sharing; a determined attacker can still screenshot, so we tell you so.
A domain only appears on the public Recon Network after at least 3 distinct visitors have been tracked. Single-visitor data is never exposed.
Where your data lives and which rules we follow.
All data is stored in our Supabase region (Frankfurt, eu-central-1). No transfers outside the EU/EEA except for Stripe billing (US, Standard Contractual Clauses) and Brevo email (EU, France).
Document tracking: legitimate interest (Art. 6(1)(f)) for the sender, balanced by viewer transparency (the "tracked" pill). Network contribution: explicit consent (Art. 6(1)(a)) with toggle in Settings.
Access, rectification, erasure, restriction, portability, objection. Email contact@tryrecon.app; we reply within 30 days. Right to lodge a complaint with the CNIL.
We're starting the SOC 2 process in Q4 2026. Our security posture is already aligned with the controls (encryption, access logging, MFA, vendor reviews).
Document sessions: kept while your account is active. Closed accounts: 30 days then full purge. Viewer right-to-erasure honoured within 7 days.
Supabase (EU hosting + DB), Brevo (email FR), Stripe (billing US, SCCs), Anthropic (Radar AI, US, no PDF content sent), Netlify (static CDN). DPA on demand.
How we defend the platform itself.
TLS 1.3 everywhere via Netlify (Cloudflare CDN) and Supabase (Cloudflare-fronted). No HTTP redirects, HSTS enabled.
AES-256 on Postgres and S3-backed storage. Backups encrypted and rotated daily.
Postgres RLS enforced on every public table. Each user can only read/write their own data. Verified via Supabase advisors before each release.
Email/password (bcrypt) + Google OAuth via Supabase Auth. 2FA TOTP available in Settings → Security. Active sessions list with one-click sign-out.
Email-protection scanners (Mimecast, Proofpoint, Outlook ATP) are auto-flagged and excluded from your stats. Real human visits only.
Found a security issue? Email contact@tryrecon.app with "SECURITY" in the subject. We acknowledge within 24h and credit reporters in our release notes if they wish.
We have a ready-made DPA template you can request at contact@tryrecon.app. For procurement security questionnaires (SIG, CAIQ), reply to the same address and we'll fill it within 5 business days.
Last updated May 17, 2026 · Recon Network privacy