Skip to main content

Security

Your data, isolated and protected by design

Google Sign-In, encrypted authentication, and strict organization-level data isolation enforced at the database.

zorexa.ai/dashboard
Preview

Overview

The Grand Bistro · London, UK

Preview

Avg. Rating

4.8

+0.2

Reply Rate

98%

+4%

Reviews/Mo

47

+12

Rating Trend

6 months

Recent Reviews

View all
SM

Sarah M.

2h ago
Replied

Absolutely amazing — the team went above and beyond!

AI Reply

Thank you so much, Sarah! We're thrilled you had such a great experience with us.

JT

James T.

5h ago
Replied

Great place overall. Food was excellent, service was very friendly.

AI Reply

Thanks for the kind words, James! We really appreciate your support.

Overview

Security at Zorexa isn't a settings toggle — it's built into the architecture. Every business's data is isolated at the database level, authentication is handled through Supabase's encrypted auth system, and every sensitive action is captured in an audit trail.

Benefits

Google Sign-In

Sign in with your existing Google account, or use email and password — your choice.

Encrypted authentication

Passwords are never stored in plain text; all traffic is encrypted in transit.

Organization isolation

Every business's reviews, settings, and team members are strictly separated — enforced at the database, not just the app layer.

Audit logs

Sensitive actions — publishing, billing changes, team changes — are recorded in a searchable activity log.

Why It Matters

App-level security checks alone aren't enough — a bug in application code could otherwise expose one business's data to another. Zorexa enforces data isolation with Postgres Row Level Security, meaning access control is checked at the database itself for every single query, not just trusted to the application.

How It Works

Every table checks organization membership

Database policies require every read and write to prove the requesting user belongs to that organization — with no exceptions or fallback paths.

Roles gate what actions are possible

Beyond isolation, your specific role (Owner, Admin, Manager, etc.) determines exactly which actions you can take within your own organization.

Every sensitive action is logged

Publishing a reply, changing a billing plan, updating team roles — all captured in the activity log with who, what, and when.

Best Practices

Use Google Sign-In if your team already uses Google Workspace

It's one less password to manage and keeps access tied to your existing Google account security.

Review the activity log periodically

A quick scan of recent activity is a good habit, especially after granting new team access.

Keep the Owner role limited to trusted individuals

Owners and Admins have the broadest access, including billing — assign it deliberately.

FAQ

Frequently Asked Questions

Not yet — it's on our roadmap. If this is important for your business, let us know via Contact Support.

Mulakan Hari Ini

Bersedia untuk automasikan reputasi anda?

Mula membalas setiap ulasan secara automatik — percuma untuk bermula, tiada kad kredit diperlukan.

Tiada kad kredit diperlukan · Batalkan bila-bila masa