Security at every layer.
Starvo handles the reputation of your business. Here's exactly what we do to keep your data — and your customers' data — safe.
Access control
- Server-enforced ownership. Every API route verifies that the authenticated user owns the record. UI gating is defense in depth, not the gate.
- Role-based permissions. Owner, Manager, and Staff roles are checked server-side on every action.
- Admin routes are secret-gated. The internal admin panel requires a long-lived secret in addition to authentication.
- Cron routes are gated by a separate CRON_SECRET using timing-safe comparison.
Database
- Row-level security (RLS) on every table — no service can read or write a row that doesn't belong to its caller.
- Managed Postgres via Supabase. Backups, point-in-time recovery, and HTTPS-only connections.
- Race-prone writes (location creation, quota claims) use Postgres advisory locks via RPCs to avoid double-spend.
- Soft deletes with a 48-hour recovery window. Hard delete is a scheduled job, not an instant action.
Payments
- Dodo Payments is the Merchant of Record. Starvo never stores or sees card details.
- Webhooks are signature-verified using the Standard Webhooks signing protocol.
- Idempotent event handling. Every webhook event is deduplicated by event ID so retries are safe.
Transport and headers
- HTTPS only. HSTS preload, 2-year max-age, includeSubDomains.
- Strict Content Security Policy — no inline scripts beyond fonts and Google OAuth flows.
- X-Frame-Options DENY on app pages, frame-ancestors 'self' in CSP.
- Permissions-Policy blocks camera, microphone, geolocation, and FLoC.
FAQ
Who owns the review data?
You do. Private feedback collected through your QR code belongs to your business. You can export it any time as CSV from your dashboard. Starvo does not sell your data and does not share it with third parties beyond what is required to run the service (e.g., Supabase, Groq, Resend).
Is Starvo GDPR-compliant?
Yes. We store the minimum data needed to run the service. Customers submitting reviews can do so anonymously — email is optional. On account deletion, your data enters a 48-hour soft-delete window then is hard-deleted by a scheduled job.
How do I delete my account?
From Settings → Danger zone, request deletion. Your account enters a 48-hour grace period during which you can cancel the deletion. After 48 hours, your business, reviews, and any private data are permanently removed.
How secure is Starvo?
All API routes verify ownership server-side, all admin and cron routes are secret-gated, and all webhook events are signature-verified and deduplicated. Database access uses row-level security. Card details are handled by Dodo Payments (a Merchant of Record) — Starvo never sees them.
Where is my data stored?
Your data lives in a managed Postgres database via Supabase, with row-level security enforced on every table. Background services (email, AI, payments) only see the minimum payload needed for the task.