Compliance Center

Security & Compliance Program

Policies, risk register, and vendor assessments that govern how EcoService Pro protects customer data. This page is maintained by EcoPowerHub AI LLC for prospects, auditors, and internal review. For disclosures contact engmartin@ecopowerhub.ai.

EcoService Pro — Security & Compliance Audit

Owner: EcoPowerHub AI LLC · Columbia, MD, USA Last updated: July 14, 2026 Status: Phase 2 (Governance) in progress

This document is the single entry point for auditors, prospects, and the internal security team. It links to the live policies, risk register, and vendor assessments that make up our compliance program.

1. Technical safeguards (Phase 1 — complete)

| Control | Evidence | | --- | --- | | Row-Level Security on all tenant tables | supabase/tests/roles_and_rls.sql (CI-enforced) | | Strong-password + HIBP leaked-password check | Supabase Auth config | | MFA (TOTP) available to all users | /team → Security tab | | Comprehensive audit logging | audit_logs table, src/lib/audit.server.ts | | Encryption at rest & in transit | Supabase (AES-256 at rest, TLS 1.2+ in transit) | | Input validation (Zod) on every server fn | src/lib/*.functions.ts | | Rate limiting on public endpoints | rate_limit_buckets + middleware | | Security event dashboard | /security (owners only) |

2. Governance policies (Phase 2)

All policies are version-controlled and reviewed annually. Drafts were co-authored with our internal ComplianceGuard AI reviewer and approved by the CEO.

3. Risk management

  • Risk Register — 12 tracked risks with likelihood, impact, owner, and mitigation status.

4. Vendor / sub-processor risk

5. Legal & user-facing

6. Contact

Security disclosures & compliance questions: engmartin@ecopowerhub.ai

Version-controlled source of truth for this document lives in the project repository. Material changes are reviewed by the Security Lead and approved by the CEO.