Security is treated like an operating discipline, not an afterthought.
HVAC AI Rescue uses layered operational, technical, and access controls designed to protect client data, reduce preventable drift, and keep critical communications workflows reliable.
Scoped access and admin controls
Administrative actions, internal routes, and privileged workflows are separated from client-facing dashboard access where possible.
Platform integrity checks
The platform includes schema and entitlement audit surfaces designed to catch drift before it turns into silent operational risk.
Deterministic guardrails
Critical workflows increasingly move through deterministic scripts, validation checks, and deployment guardrails instead of manual improvisation.
How we approach security
- Restrict internal functionality behind explicit auth boundaries and secrets.
- Use managed infrastructure and service providers for hosting, data, messaging, payments, and authentication.
- Monitor key operational paths such as onboarding, messaging, billing, and campaign execution.
- Continuously harden route behavior, entitlement enforcement, and schema consistency.
Client account security
The dashboard now supports authenticated client access through Supabase Auth. As the platform continues to mature, privileged actions are being migrated away from browser-side assumptions and into authenticated backend-controlled routes.
Incident reporting
If you believe you found a security issue, suspicious access pattern, or data exposure risk related to HVAC AI Rescue, contact support@hvacairescue.com and include as much detail as possible, including affected page, account, and timeline.
Important note
This page is intended as a practical security overview for clients and prospects. It is not a formal certification statement, SOC report, or contractual security addendum.