Security & trust
How Evaud keeps your Cyber Essentials evidence private, scoped to your workspace, and only visible to people you invite.
Workspace isolation
Every workspace is isolated. Database row-level security (RLS) policies enforce that evidence, assets, tasks, requirements, comments and reports are only visible to members of the workspace they belong to.
Private evidence storage
Uploaded files live in a private storage bucket. They are not publicly accessible. Downloads happen via short-lived signed URLs (5 minutes) generated only for authorised members.
Roles
Workspaces have Owner, Admin, Member and Assessor roles. Assessors are read-only and only see evidence and requirements you explicitly mark assessor-visible.
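A sketch of how the workspace isolation and assessor-visibility rules described above can be expressed as PostgreSQL RLS policies on Supabase. This is an added example, not Evaud's own schema or policies: the table, column, policy and function names are hypothetical, and it assumes Supabase's auth.uid() helper and its authenticated database role.

```sql
-- Hypothetical schema: all table, column, policy and function names are illustrative.
create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null,
  role         text not null check (role in ('owner', 'admin', 'member', 'assessor')),
  primary key (workspace_id, user_id)
);

create table evidence (
  id               uuid primary key default gen_random_uuid(),
  workspace_id     uuid not null,
  title            text not null,
  assessor_visible boolean not null default false
);

-- Role lookup runs as SECURITY DEFINER so policies can consult the membership
-- table without being filtered by (or recursing into) that table's own policy.
create function workspace_role(ws uuid) returns text
language sql stable security definer set search_path = public as $$
  select role from workspace_members
  where workspace_id = ws and user_id = auth.uid()
$$;

alter table workspace_members enable row level security;
alter table evidence enable row level security;

-- A signed-in user can read only their own membership rows.
create policy members_select_own on workspace_members
  for select to authenticated
  using (user_id = auth.uid());

-- Read: owners, admins and members see every row in their workspace;
-- assessors see only rows explicitly flagged assessor_visible.
-- For a non-member workspace_role() returns NULL, so the row is filtered out.
create policy evidence_select on evidence
  for select to authenticated
  using (
    workspace_role(workspace_id) in ('owner', 'admin', 'member')
    or (workspace_role(workspace_id) = 'assessor' and assessor_visible)
  );

-- Write: assessors are read-only, so they are left out of the insert check.
create policy evidence_insert on evidence
  for insert to authenticated
  with check (workspace_role(workspace_id) in ('owner', 'admin', 'member'));
```

With RLS enabled and no update or delete policy defined, those operations are denied by default for the authenticated role.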
Authentication
Email/password and Google sign-in are supported. Email confirmation is required. Sessions are handled by a managed cloud auth service (Supabase).
Responsible disclosure
If you find a security issue, please contact us via /contact and allow us reasonable time to respond before public disclosure.
Pre-launch note: a formal security policy and sub-processor list will be published before paid launch.