Pulse Check

Security Center

Review Pulse Check security, account protection, admin access, and launch safety tasks.

Auth

Active

Admin Roles

Planned

RLS

Review

Security Status

Preparing

Security Overview

Pulse Check handles safety check-ins, contacts, alerts, and user settings. Before public launch, security should be reviewed carefully.

Needs Review Before Launch

Security Checklist

Supabase Auth

Active

Users must be signed in before accessing protected app pages.

Row Level Security

Review

Confirm users can only read and edit their own records.

Admin Protection

Needed

Admin pages should be restricted to Owner/Admin roles only.

Cron Secret

Active

Protected API routes should require CRON_SECRET.

Recommended Admin-Only Pages

/admin

Main admin dashboard.

/users

User management.

/audit

Audit logs.

/status

System status.

/backups

Backup and restore planning.

/roles

Roles and permissions.

Launch Security Steps

1

Create admin role field

Add role support to profiles or a dedicated admin table.

2

Protect admin routes

Redirect non-admin users away from admin-only pages.

3

Review RLS policies

Confirm each table only exposes the right user data.

4

Test API security

Confirm cron APIs reject requests without the correct secret.

5

Legal review

Review privacy policy, terms, and emergency-service disclaimers.

Quick Links

RolesAdminSystem StatusLaunch Checklist