// Security

Your clients trust you. We protect that trust.

Interior design projects contain sensitive data - addresses, floor plans, budgets, personal preferences. Every tool you use must earn the same trust your clients place in you.

Data isolation at the database level

Every table in the database is protected by row-level security (RLS). Even if a bug existed in the application code, the database enforces access exclusively to your data. No other designer on the platform can see or query your records.

PIN-protected client portal

Clients enter the portal through a unique link with a PIN code. No account creation, no passwords, no app to download. The PIN is validated with timing-safe comparison, eliminating brute-force attacks. Portals can have expiry dates - after the deadline, content becomes read-only.

Two-factor authentication (MFA)

Designer accounts support TOTP-based MFA. Enable it in Settings - every login requires your password plus a code from your authenticator app. The platform enforces AAL2 level, so there is no way to bypass MFA once enabled.

GDPR compliance

Your data is stored on EU servers (AWS eu-central-1) and encrypted in transit (TLS) and at rest. You have full ownership of your data. Deleting your account triggers a cascade delete of all projects, rooms, products, presentations, surveys, moodboards, and files. No data is retained after deletion.

Password policy

All accounts require passwords with minimum 8 characters, at least one uppercase letter, and one digit. All public endpoints - including portal PIN entry, presentation views, and survey submissions - are protected by rate limiting.

Security audits

The platform undergoes regular security audits and penetration testing. Vulnerabilities found - including IDOR protections on portal links, cross-resource write validation on presentations and surveys, and survey payload size limits - have been identified and fixed.

Your data belongs to you

We don't analyze your projects for advertising. We don't share client data with third parties. We don't train AI models on your design work. When you delete a project - it's gone. When you delete your account - everything goes with it.

Questions about security? Write to security@liru.app

Sign up