Security

Enterprise-grade security for global field operations

Multi-tenant data isolation, 50+ row-level security policies, role-based access control, and complete audit trails — built for enterprises that cannot compromise on data protection.

50+RLS policies

Authentication

Supabase Auth with email/password and OTP
JWT token-based API access
Secure session management for web and mobile

Authorization

Four roles: employee, sales_manager, director, admin
Row-level security on all 28 database tables
Organization-scoped queries — zero cross-tenant access

Audit Trail

approval_history with IP address and user agent
Timestamp tracking on all state changes
GPS location points with session linkage for evidence

Data Validation

Zod schema validation on all API endpoints
Database constraints and foreign keys
Expense limit validation at submission time

Privacy by design

Scootee tracks GPS location only during active shift sessions — not 24/7. Employees explicitly start and end sessions. Location data is encrypted in transit and at rest, scoped to organization tenants, and accessible to employees for their own records.

Full security architecture

Ready to transform field operations?

Tell us about your global field workforce. We will show you how Scootee delivers GPS intelligence, verified mileage, AI document extraction, and enterprise-grade expense operations.