Goodumans trust

Security

Goodumans is designed around user control, structured profile data and careful publishing. These are the launch security principles to keep in place as the product goes live.

User-controlled publishing

Profiles remain drafts until the user publishes them. Public pages only expose the sections the user has added.

Dedicated app namespace

Goodumans tables live in the goodumans Postgres schema so the app can share a Supabase project cleanly.

Review-first AI

AI can structure and improve content, but the user reviews and edits before anything becomes a public identity.

Environment-based secrets

Database, AI, email and cron secrets should be stored as platform environment variables, never committed to the repo.

Before public launch

Confirm Supabase row-level policies, production environment variables, email sender domain, cron secret, backup policy and abuse reporting flow before actively inviting users.