Security at GROVE

GROVE is in beta, but security is not an afterthought. This is what protects your data today.

EU hosting

All application data is stored on Supabase infrastructure in Frankfurt, Germany (AWS eu-central-1). Web hosting runs on Vercel.

Access control

Every database table is protected with row-level security (RLS). Group content is only readable by that group's members. Invite links carry hashed tokens with expiry and usage limits.

Account protection

Sign in with email + password or Google. Add two-factor authentication with any authenticator app (TOTP), or register a passkey and sign in with your fingerprint, face, or PIN — no password needed.

Payments

Subscriptions are processed by Stripe. Card details never touch GROVE's servers.

Transport encryption

All connections use TLS. There is no unencrypted access to the app or the API.

Report a concern

Found a vulnerability? Please write to us — we read every report.

pmreichelt@gmx.de