Client-only records
Client tables are locked so clients see only their own logs, unless an approved admin/staff account is accessing them.
V68 Client Security
This page summarizes the security hardening added to the portal and the Supabase settings that still need to be enabled in the dashboard.
Client tables are locked so clients see only their own logs, unless an approved admin/staff account is accessing them.
The backend dashboard now checks the admin_users table and blocks normal client accounts.
Lab and DNA uploads use private Supabase storage buckets with user-folder policies.
The client portal stays locked until the account is signed in and email is verified.
Tracking events now redact sensitive health, lab, DNA, food, workout, sleep, and notes fields.
Client portal sessions lock after inactivity.
V68_CLIENT_SECURITY_HARDENING.sql.admin_users as owner/admin.