Security
Your data, isolated and protected by design
Google Sign-In, encrypted authentication, and strict organization-level data isolation enforced at the database.
Overview
The Grand Bistro · London, UK
Avg. Rating
4.8★
+0.2Reply Rate
98%
+4%Reviews/Mo
47
+12Rating Trend
6 monthsRecent Reviews
View allSarah M.
Absolutely amazing — the team went above and beyond!
Thank you so much, Sarah! We're thrilled you had such a great experience with us.
James T.
Great place overall. Food was excellent, service was very friendly.
Thanks for the kind words, James! We really appreciate your support.
Overview
Security at Zorexa isn't a settings toggle — it's built into the architecture. Every business's data is isolated at the database level, authentication is handled through Supabase's encrypted auth system, and every sensitive action is captured in an audit trail.
Benefits
Google Sign-In
Sign in with your existing Google account, or use email and password — your choice.
Encrypted authentication
Passwords are never stored in plain text; all traffic is encrypted in transit.
Organization isolation
Every business's reviews, settings, and team members are strictly separated — enforced at the database, not just the app layer.
Audit logs
Sensitive actions — publishing, billing changes, team changes — are recorded in a searchable activity log.
Why It Matters
App-level security checks alone aren't enough — a bug in application code could otherwise expose one business's data to another. Zorexa enforces data isolation with Postgres Row Level Security, meaning access control is checked at the database itself for every single query, not just trusted to the application.
How It Works
Every table checks organization membership
Database policies require every read and write to prove the requesting user belongs to that organization — with no exceptions or fallback paths.
Roles gate what actions are possible
Beyond isolation, your specific role (Owner, Admin, Manager, etc.) determines exactly which actions you can take within your own organization.
Every sensitive action is logged
Publishing a reply, changing a billing plan, updating team roles — all captured in the activity log with who, what, and when.
Best Practices
Use Google Sign-In if your team already uses Google Workspace
It's one less password to manage and keeps access tied to your existing Google account security.
Review the activity log periodically
A quick scan of recent activity is a good habit, especially after granting new team access.
Keep the Owner role limited to trusted individuals
Owners and Admins have the broadest access, including billing — assign it deliberately.
FAQ
Frequently Asked Questions
Not yet — it's on our roadmap. If this is important for your business, let us know via Contact Support.
Ready to put your reputation on autopilot?
Start responding to every review automatically — free to start, no credit card required.
No credit card required · Cancel anytime
