Trust
Security
A plain-English summary of how we store, transmit, and protect the data customers entrust to Rasmere.
Principles
Rasmere is built for corporate users handling commercially sensitive site appraisals. The platform follows three rules: least-privilege access, encryption by default, and a clear separation between public planning data and customer-owned material.
We treat every site address a customer enters as confidential, regardless of whether the underlying planning record is public. Inputs and reports are scoped to the account that produced them.
Data in transit
All traffic to rasmere.com and its API surface is served over TLS 1.2 or higher. HTTP requests are redirected to HTTPS. Internal service-to-service calls inside our hosting provider remain on the encrypted private network.
Data at rest
Customer data, reports, and authentication records are stored in a managed Postgres database with disk-level encryption (AES-256). Database backups are encrypted with the same key class and retained according to the provider's standard schedule.
Uploaded documents (such as career CVs and project documents) live in encrypted private storage buckets that are not publicly listable.
Access control
Customer-facing tables enforce row-level security: queries scoped to the authenticated user can only return that user's rows. Sensitive columns (raw scraper payloads, officer free-text reports, scraper internals) are revoked from the public API and only readable by server-side admin code.
Administrative access to production is role-gated through a separate user_roles table evaluated by a security-definer function, not by client-side flags. No "admin" boolean lives on the user profile.
Secrets and keys
Service-role keys, payment gateway credentials, and third-party API keys are stored in our hosting provider's encrypted secret manager and exposed only to server-side runtimes. They are never bundled into client code and never logged.
Payments are processed by Stripe through an isolated connector gateway. Rasmere does not store full card numbers or CVC codes, only the Stripe customer and subscription identifiers required to reconcile billing.
Authentication
Sign-in supports email and password (with optional leaked-password screening against the Have I Been Pwned dataset) and Google OAuth. Sessions use signed JWTs with refresh rotation. There is no anonymous sign-up; every account is tied to a verified email.
Infrastructure
The application runs on a UK/EU-region managed edge runtime in front of a managed Postgres cluster. Background ingestion (planning case scrapers, refusal categorisation) runs on scheduled jobs authenticated with a service-role bearer token, which is checked using constant-time comparison.
Webhooks (payments, email) verify HMAC signatures over the raw request body before any side effect is performed.
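The two checks described above, constant-time comparison of the scheduled-job bearer token and HMAC verification of the raw webhook body before any side effect, look like this in Python. This is an added illustration, not Rasmere's code: HMAC-SHA256, the hex signature encoding, the secret values and every function name are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample values for illustration only (assumptions, not real keys).
WEBHOOK_SECRET = b"example-webhook-secret"
SERVICE_ROLE_TOKEN = "example-service-role-token"


def sign(raw_body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Sender side: hex HMAC-SHA256 over the exact bytes put on the wire."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, signature_hex: str,
                     secret: bytes = WEBHOOK_SECRET) -> bool:
    """Receiver side: recompute over the raw bytes, compare in constant time."""
    expected = sign(raw_body, secret)
    # compare_digest does not stop at the first differing byte, so response
    # timing does not reveal how much of a guessed signature was correct.
    return hmac.compare_digest(expected.encode(), signature_hex.encode())


def bearer_ok(authorization_header: str) -> bool:
    """Scheduled-job auth: constant-time check of 'Bearer <token>'."""
    scheme, _, presented = authorization_header.partition(" ")
    if scheme != "Bearer":
        return False
    return hmac.compare_digest(presented.encode(), SERVICE_ROLE_TOKEN.encode())


def handle_webhook(raw_body: bytes, signature_hex: str, processed: list) -> int:
    """Return an HTTP status; parse and act only after the signature verifies."""
    if not verify_signature(raw_body, signature_hex):
        return 401                      # rejected: nothing parsed, no side effect
    event = json.loads(raw_body)        # parse only once the bytes are authentic
    processed.append(event["id"])       # stand-in for the real side effect
    return 200
```

Verifying a body that a framework has already parsed and re-serialised fails even for a genuine request, because whitespace and key order change the bytes; that is why the check runs over the raw request body.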
Monitoring and disclosure
Server logs, edge function logs, and database activity are retained by our hosting provider for operational debugging. We run automated dependency vulnerability scans and review the database security linter against every schema change.
If you believe you have found a security issue, email security@rasmere.com. Please do not disclose publicly until we have had a reasonable opportunity to respond.
Questions
Anything unclear? Email team@rasmere.com and a real person will reply.
