Your Portal, kept private.
This page describes the security and privacy controls we operate. It reflects our current practices and is updated as our platform evolves. Nothing here implies external certification.
Authentication & access
Email + Google sign-in. Every portal route is gated by an authenticated session, and every server call is validated with a bearer token before any data is returned.
Your data is isolated
Ambassadors, outfit drops, deliverables and orders are protected by row-level security in our database. You can only see and modify your own records — full stop.
Server-side enforcement
Pricing, ownership and status checks all run on the server. Client-supplied prices, roles and statuses are ignored. Admin operations require a verified admin role.
Questions or a concern?
If you spot anything that looks off, email us and we'll respond promptly. We disclose security incidents to affected customers without delay.
Data we store
Account profile (name, email), your Ambassadors and their generated assets, your outfit-drop submissions and order history. We do not sell personal data.
Last updated June 2026.