Security posture

Trust without turning people into dots on a map.

Proxxi is built for nearby events, people, and city signal. The security model starts with privacy-first product design, then layers in access controls, monitoring, retention limits, and honest compliance language.

Location privacy

Nearby signal is not public tracking.

1
Approximate by defaultRadar avoids exposing exact coordinates, blue-dot closeness, turn-by-turn movement, or public trails.
2
Live location is deliberatePrecise live sharing is off by default, limited to existing connections, time-boxed, and can be stopped anytime.
3
Controls stay visibleGhost Mode, Radar visibility, alert snooze, blocking, reporting, and account deletion are user-facing controls.
Controls

Current security controls.

Data protection

API traffic uses HTTPS. Data stores rely on provider-managed encryption at rest. Private event details and precise-location records are limited by product scope and retention rules.

Access control

Supabase authentication, row-level security, server-side RPC boundaries, and least-privilege operational access reduce exposure of account and location data.

Monitoring

Crash, funnel, and operations telemetry are used to detect errors and quality issues. Sensitive fields such as exact coordinates, message bodies, and source URLs are redacted where practical.

Payments

Mobile purchases are staged through app-store billing and RevenueCat. Proxxi does not store card numbers in the mobile app.

Identity checks

Safety verification is handled by Persona when enabled. Proxxi receives verification status, not ID photos.

Incident response

Security reports are investigated, contained, documented, and escalated for user or regulator notification when required by applicable law.

Vendors

Core provider categories.

Proxxi uses service providers for infrastructure, authentication, analytics, diagnostics, identity verification, billing, push notifications, AI features, and public event source ingestion.

A
Infrastructure and authSupabase, Expo, Apple, and Google services support account, app, and push-notification workflows.
B
Trust and operationsPersona, Sentry, PostHog, RevenueCat, and app stores support verification, diagnostics, analytics, and billing.
C
Event and AI servicesTicketmaster, Eventbrite, official public sources, and configured AI providers support event coverage, moderation, translation, and recommendations.
Compliance

What Proxxi can say today.

Does Proxxi have SOC 2?

No completed SOC 2 report is claimed at this time. Proxxi maintains a readiness plan and evidence checklist for future SOC 2 work.

Is Proxxi ISO 27001 certified?

No ISO 27001 certificate is claimed at this time. Proxxi is organizing security management practices so a future certification project has a cleaner starting point.

Is Proxxi built for regulated healthcare workflows?

No. Proxxi's current scope is consumer and partner event discovery, proximity networking, messaging, and city intelligence. Regulated healthcare workflows would need a separate legal and security review before launch.