Goodumans trust
Security
Goodumans is designed around user control, structured profile data and careful publishing. These are the launch security principles to keep in place as the product goes live.
User-controlled publishing
Profiles remain drafts until the user publishes them. Public pages only expose the sections the user has added.
Dedicated app namespace
Goodumans tables live in the goodumans Postgres schema so the app can share a Supabase project cleanly.
Review-first AI
AI can structure and improve content, but the user reviews and edits before anything becomes a public identity.
Environment-based secrets
Database, AI, email and cron secrets should be stored as platform environment variables, never committed to the repo.
Before public launch
Confirm Supabase row-level policies, production environment variables, email sender domain, cron secret, backup policy and abuse reporting flow before actively inviting users.