SustainPro AI

Security

SustainPro AI is being hardened for evidence-heavy sustainability workflows. This page summarizes the current public pilot controls.

Authentication

Supabase-backed user sessions. Voucher creation and listing require a validated bearer token.

Voucher Storage

DB-backed voucher records with row-level ownership and mutation-blocking database triggers.

Public Verification

Public verification uses a sanitized SECURITY DEFINER function instead of direct anonymous table access.
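The voucher-storage and public-verification controls above, written out as Supabase/Postgres SQL. This is an added illustration, not SustainPro AI's own schema: the table, column and function names (vouchers, owner_id, evidence_sha256, verify_voucher) are assumptions; auth.uid() and the anon/authenticated/service_role roles are standard Supabase.

```sql
-- Illustration only; table/column names are assumptions, not SustainPro's schema.
create table if not exists public.vouchers (
  id              uuid primary key default gen_random_uuid(),
  owner_id        uuid not null default auth.uid(),
  title           text not null,
  evidence_sha256 text not null check (evidence_sha256 ~ '^[0-9a-f]{64}$'),
  private_notes   text,                       -- must never reach anon
  created_at      timestamptz not null default now()
);

-- Row-level ownership: an authenticated user sees and inserts only own rows.
alter table public.vouchers enable row level security;
grant select, insert on public.vouchers to authenticated;
create policy vouchers_owner_select on public.vouchers
  for select to authenticated using (owner_id = auth.uid());
create policy vouchers_owner_insert on public.vouchers
  for insert to authenticated with check (owner_id = auth.uid());
-- No update/delete policy exists, so RLS already denies both for app roles.

-- Mutation-blocking trigger: fires even for roles that bypass RLS
-- (Supabase service_role) or if a permissive policy is added by mistake.
create or replace function public.block_voucher_mutation()
returns trigger language plpgsql as $$
begin
  raise exception 'vouchers are immutable once issued (%)', tg_op;
end;
$$;
create trigger vouchers_immutable
  before update or delete on public.vouchers
  for each row execute function public.block_voucher_mutation();

-- Public verification: anon gets no table access at all, only a SECURITY
-- DEFINER function that returns the sanitized columns for one voucher id.
revoke all on public.vouchers from anon;
create or replace function public.verify_voucher(p_id uuid)
returns table (id uuid, title text, evidence_sha256 text, created_at timestamptz)
language sql stable security definer
set search_path = ''                          -- pin; avoids search_path hijack
as $$
  select v.id, v.title, v.evidence_sha256, v.created_at
  from public.vouchers v where v.id = p_id;
$$;
revoke all on function public.verify_voucher(uuid) from public;
grant execute on function public.verify_voucher(uuid) to anon, authenticated;
```

A quick check after applying this is to connect as anon and confirm that `select * from public.vouchers` is refused while `select * from public.verify_voucher('<id>')` returns only the four sanitized columns.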

Uploads

PDF uploads produce SHA-256 hashes for evidence tracking. Public verification does not expose raw private file contents.

Calculator

Carbon math uses packaged factor data and emits source/hash provenance. Unsupported or conflicting factors fail closed.

Rate Limits

Public API routes are rate limited and expose security headers.

External board-grade certification, independent penetration testing, and optional external ledger anchoring remain separate launch governance steps.