Security

Boring on purpose.

Freyaa runs the same plumbing your bank's developers do — strict tenant isolation, audited admin actions, encrypted traffic, EU-resident Postgres. None of it is exotic; all of it is wired in.

EU residency · Frankfurt
GDPR aligned · export & erasure
Stripe Connect · we never hold funds
Argon2id · password hashing
Audit log · before/after diffs
PITR · 7-day point-in-time

What we promise, in numbers.

0
Cross-tenant data accesses since launch.
9
Audited sub-processors, all EU or hybrid.
7 days
Point-in-time recovery window on Postgres.
100%
Admin actions captured in the audit log.

Three things that have to be right.

The unsexy plumbing that every committee asks about. Plain English versions of how we handle each one.

Tenant isolation

Each club lives behind its own wall.

Each club has its own subdomain and its own row-set. The middleware resolves the tenant from the URL and stamps every server-side query with that tenant id. A booking, member or audit row from one club is unreachable from another, even if a request asks for it directly.
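The resolve-then-stamp pattern described above, as an added TypeScript example. This is not Freyaa's code: the apex domain, the tenant and booking shapes, the in-memory rows and the `resolveTenant`/`TenantRepo`/`lookupBooking` names are assumed for the illustration. What it demonstrates is that the tenant id is derived from the Host header, never from anything the caller controls, and that every lookup carries it, so a booking id that belongs to another club returns nothing even when requested directly by primary key.

```typescript
// Added example (not Freyaa's code): tenant resolution from the Host header
// and a repository that stamps tenant_id on every lookup.
// Assumed: apex domain, Tenant/Booking shapes, and the constructed rows below.

const APEX = "freyaa.club"; // assumed apex domain

type Tenant = { id: string; slug: string };
type Booking = { id: string; tenantId: string; court: string; start: string };

// Constructed sample data: two clubs, one booking each.
const TENANTS: Tenant[] = [
  { id: "t_riverside", slug: "riverside" },
  { id: "t_harbour", slug: "harbour" },
];
const BOOKINGS: Booking[] = [
  { id: "b1", tenantId: "t_riverside", court: "Court 2", start: "Wed 14:00" },
  { id: "b2", tenantId: "t_harbour", court: "Padel A", start: "Thu 09:00" },
];

// Resolve the tenant from the request Host, the way a subdomain-routing
// middleware would. Returns null for the apex, unknown clubs, nested labels
// and hosts that merely contain the apex as a substring.
export function resolveTenant(host: string): Tenant | null {
  const h = host.toLowerCase().split(":")[0];        // strip any port
  if (!h.endsWith("." + APEX)) return null;          // apex itself or a foreign host
  const slug = h.slice(0, -(APEX.length + 1));
  if (!/^[a-z0-9-]{1,63}$/.test(slug)) return null;  // exactly one label, no dots
  return TENANTS.find((t) => t.slug === slug) ?? null;
}

// A repository bound to one tenant. Every query carries tenant_id, so an id
// from another club comes back null even when asked for by primary key.
export class TenantRepo {
  private readonly tenantId: string;
  constructor(tenantId: string) {
    this.tenantId = tenantId;
  }

  bookingById(id: string): Booking | null {
    // Equivalent SQL: SELECT ... FROM bookings WHERE id = $1 AND tenant_id = $2
    return BOOKINGS.find((b) => b.id === id && b.tenantId === this.tenantId) ?? null;
  }

  // The stamped, parameterised query as it would reach Postgres.
  sqlFor(id: string): { text: string; values: string[] } {
    return {
      text: "SELECT id, court, start FROM bookings WHERE id = $1 AND tenant_id = $2",
      values: [id, this.tenantId],
    };
  }
}

// Request handler: the tenant comes from the host, never from the body or query string.
export function lookupBooking(host: string, bookingId: string): Booking | null {
  const tenant = resolveTenant(host);
  if (!tenant) return null;
  return new TenantRepo(tenant.id).bookingById(bookingId);
}
```

The same scoping can be enforced a second time inside Postgres with row-level security keyed on the tenant id, so that a query which somehow misses the stamp still returns nothing; that layer is not shown here.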

Authentication

Sessions signed, passwords hashed properly.

Sessions are HTTP-only cookies signed with a rotating server secret. Passwords are hashed with argon2id (memory-hard, side-channel-resistant). Brute-force lockout is per account, and the IP and user agent are recorded on every sign-in.
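The signed-cookie and lockout mechanics described above, as an added TypeScript example rather than Freyaa's implementation. The cookie layout (`kid.payload.mac`), the key-ring structure, the `signSession`/`verifySession`/`Lockout` names, the lockout limits and the key bytes are all assumed. It shows the part of rotation that is easy to get wrong: the previous secret stays verifiable until it is explicitly retired, while an unknown key id, a tampered MAC or an expired session is rejected. Password hashing is not in this block; argon2id needs a native library and is a separate concern from session signing.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added example (not Freyaa's code). A session cookie is "<kid>.<payload>.<mac>":
// payload is base64url JSON, mac is HMAC-SHA256 under the key named by kid.
// Rotation keeps the previous key in the ring so live sessions survive a change.
// Key material, key ids and lockout limits below are assumed for the example.

type KeyRing = { current: string; keys: Record<string, Buffer> };

export const keyring: KeyRing = {
  current: "k2",
  keys: { k1: Buffer.from("old-secret-0123456789abcdef"), k2: randomBytes(32) },
};

const b64u = (b: Buffer) => b.toString("base64url");
const mac = (key: Buffer, kid: string, payload: string) =>
  createHmac("sha256", key).update(`${kid}.${payload}`).digest(); // kid is covered by the MAC

export function signSession(data: { uid: string; exp: number }, ring: KeyRing = keyring): string {
  const kid = ring.current;
  const payload = b64u(Buffer.from(JSON.stringify(data)));
  return `${kid}.${payload}.${b64u(mac(ring.keys[kid], kid, payload))}`;
}

export function verifySession(cookie: string, now: number, ring: KeyRing = keyring): { uid: string } | null {
  const parts = cookie.split(".");
  if (parts.length !== 3) return null;
  const [kid, payload, sig] = parts;
  const key = ring.keys[kid];                        // unknown or retired kid: reject
  if (!key) return null;
  const expected = mac(key, kid, payload);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const data = JSON.parse(Buffer.from(payload, "base64url").toString()); // safe: MAC already checked
  if (typeof data.exp !== "number" || data.exp <= now) return null;      // expired
  return { uid: data.uid };
}

// Set-Cookie attributes a browser-facing session cookie needs (cookie name assumed).
export function setCookieHeader(value: string): string {
  return `session=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Per-account lockout: `max` failures inside `windowMs` block further attempts.
export class Lockout {
  private readonly failures = new Map<string, number[]>();
  private readonly max: number;
  private readonly windowMs: number;
  constructor(max = 5, windowMs = 15 * 60_000) {
    this.max = max;
    this.windowMs = windowMs;
  }

  isLocked(account: string, now: number): boolean {
    const recent = (this.failures.get(account) ?? []).filter((t) => now - t < this.windowMs);
    this.failures.set(account, recent);                // drop failures outside the window
    return recent.length >= this.max;
  }
  recordFailure(account: string, now: number): void {
    this.failures.set(account, [...(this.failures.get(account) ?? []), now]);
  }
  reset(account: string): void {
    this.failures.delete(account);                     // on successful sign-in
  }
}
```

Retiring a key is just removing it from `keys`; anything still signed under it fails verification from that moment, which is the lever for a forced global sign-out.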

Encryption

HTTPS every hop, AES at rest.

All traffic is HTTPS, on the apex and on every per-club subdomain, with TLS certificates provisioned automatically. Postgres is encrypted at rest by Neon, and backup snapshots inherit that encryption. Stripe handles cards directly; card numbers never reach our servers.

Audit log

Every change is logged with a before/after diff.

Bookings, members, courts, rules, tournaments and staff roles all land in an append-only audit log. Owners can search by actor, action or entity, and the log is exportable for committee reviews. Key entities are soft-deleted rather than removed, so an accidental change is recoverable.

  • Actor, IP and user agent on every entry
  • Before/after diff per field, structured for filters
  • Soft-delete on key entities — accidental cancellations are recoverable
  • CSV export for committee or auditor review
audit_log (streaming) sample:

14:32  booking.update  Court 2 · Wed 14:00   by alex.t@riverside
13:18  member.update   J. Reyes · membership  by mira@riverside
       tier: standard → premium
       notify: email → email + sms
11:04  court.create    Padel B                by hi@freyaa.club
10:21  member.suspend  P. Hahn · 14d          by mira@riverside
       no_show_count: 2 → 3
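A per-field diff and append-only log in the shape the entries above show, as an added TypeScript example that is not Freyaa's code. The `diffRow`/`AuditLog`/`softDelete` names, the entity identifiers and the sample actors, IPs and user agents are constructed. It records only fields that actually changed, offers the same actor/action/entity search the owner UI would, emits the CSV export one changed field per line, and treats a soft delete as just another audited field change.

```typescript
// Added example (not Freyaa's code): per-field before/after diff plus an
// append-only audit log carrying actor, IP and user agent on every entry.
// Entity shapes, identifiers and sample values are constructed for the example.

type Scalar = string | number | boolean | null;
type Row = Record<string, Scalar>;
type FieldChange = { field: string; from: Scalar; to: Scalar };

export type AuditEntry = {
  seq: number;             // monotonically increasing, assigned on append
  at: string;
  action: string;          // e.g. "member.update"
  entity: string;          // e.g. "member:j_reyes"
  actor: string;
  ip: string;
  userAgent: string;
  changes: FieldChange[];
};

// Field-level diff: only fields whose value changed are recorded, so
// "tier: standard -> premium" becomes one structured change.
export function diffRow(before: Row, after: Row): FieldChange[] {
  const fields = new Set([...Object.keys(before), ...Object.keys(after)]);
  const out: FieldChange[] = [];
  for (const field of [...fields].sort()) {
    const from = before[field] ?? null;   // absent before = created
    const to = after[field] ?? null;      // absent after = removed
    if (from !== to) out.push({ field, from, to });
  }
  return out;
}

export class AuditLog {
  private readonly entries: AuditEntry[] = [];

  // Append is the only write path; entries are frozen and never updated or deleted.
  record(e: Omit<AuditEntry, "seq">): AuditEntry {
    const entry = Object.freeze({ ...e, seq: this.entries.length + 1 });
    this.entries.push(entry);
    return entry;
  }

  // Search by actor, action or entity, any combination.
  find(q: Partial<Pick<AuditEntry, "actor" | "action" | "entity">>): AuditEntry[] {
    return this.entries.filter((e) =>
      (!q.actor || e.actor === q.actor) &&
      (!q.action || e.action === q.action) &&
      (!q.entity || e.entity === q.entity));
  }

  // CSV export: one line per changed field, quoted so commas and quotes in values survive.
  toCsv(): string {
    const esc = (v: Scalar) => `"${String(v ?? "").replace(/"/g, '""')}"`;
    const lines = ["seq,at,action,entity,actor,ip,user_agent,field,from,to"];
    for (const e of this.entries) {
      const rows = e.changes.length ? e.changes : [{ field: "", from: null, to: null }];
      for (const c of rows) {
        lines.push([e.seq, e.at, e.action, e.entity, e.actor, e.ip, e.userAgent, c.field, c.from, c.to]
          .map(esc).join(","));
      }
    }
    return lines.join("\n");
  }
}

// Soft delete: the row is flagged, not removed, and the flag is diffed like any other field.
export function softDelete(row: Row, at: string): Row {
  return { ...row, deleted_at: at };
}
```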

Backups & recovery

Postgres is backed up continuously by Neon, so the database can be restored to any point in the last 7 days; daily snapshots are retained for 30 days. RPO (recovery point objective) is under 5 minutes. RTO (recovery time objective) is under 1 hour for the platform, and same-day for an individual club requesting a rollback.

Vulnerability disclosure

Found something? Email security@freyaa.club. We respond within one working day, acknowledge the report, and keep you posted while we work on it. We don't have a paid bug bounty yet, but credible reports get credit and a thank-you.

Compliance & legal

Data resides in the EU. Our DPA, sub-processor list and privacy policy are public. We're happy to fill in a security questionnaire — email hello@freyaa.club.

Nine vendors. All listed. All audited.

Each has a Data Processing Agreement on file. The list updates when the architecture changes — there's no hidden tier of vendors.

Vendor · Region · Purpose

Vercel · EU + global · Hosting & CDN edge
Neon · eu-central-1 (Frankfurt) · Postgres database
Cloudflare · EU + global · DNS, WAF, R2 storage
Stripe · EU · Payments & Connect
Resend · EU · Transactional email
Upstash · EU · Redis (rate limiting, idempotency keys)
Inngest · EU · Background jobs
Tomorrow.io · EU + global · Weather forecasts
Axiom / Sentry · EU · Logs & errors

Need a security questionnaire filled in?

We've answered most of them — happy to send our standard responses for a SOC 2 / ISO 27001-style review.

Email security@freyaa.club