Security at GROVE
GROVE is in beta, but security is not an afterthought. This is what protects your data today.
EU hosting
All application data is stored on Supabase infrastructure in Frankfurt, Germany (AWS eu-central-1). Web hosting runs on Vercel.
Access control
Every database table is protected with row-level security (RLS). Group content is only readable by that group's members. Invite links carry hashed tokens with expiry and usage limits.
Account protection
Sign in with email + password or Google. Add two-factor authentication with any authenticator app (TOTP), or register a passkey and sign in with your fingerprint, face, or PIN — no password needed.
Payments
Subscriptions are processed by Stripe. Card details never touch GROVE's servers.
Transport encryption
All connections use TLS. There is no unencrypted access to the app or the API.
Report a concern
Found a vulnerability? Please write to us — we read every report.
pmreichelt@gmx.de