← Back to home

Trust

Security guidelines

Last updated: June 27, 2026

This page is maintained by the Weld.Doc team to answer common questions about how we handle security. It describes current practices, not a third-party certification.

Authentication

Weld.Doc supports email-and-password sign-in. Sessions are managed by our authentication provider (Supabase Auth) and stored in secure, HTTP-only browser cookies. We recommend using a unique, strong password and signing out on shared devices.

Encryption in transit

All traffic between your browser and Weld.Doc is encrypted using TLS. Connections between Weld.Doc and the managed database and file storage are also encrypted.

Per-organisation isolation

Every row in our database is scoped to a single organisation and protected by row-level security policies, so authenticated requests from one organisation cannot read or modify data belonging to another.

Uploaded files

Supporting documents, photos, and certificate assets you upload are stored in private object storage tied to your organisation. Access from the app requires a valid signed-in session; files are not publicly listed or browsable.

QR verification

ID cards include a QR code that links to a public verification page. That page shows only the fields needed to confirm qualification status — not your full internal records or other welders in your organisation.

Backups

Our managed database provider takes daily snapshots and retains them on a rolling window for disaster recovery.

Your responsibilities

  • Keep your password private and unique to Weld.Doc.
  • Sign out on shared devices.
  • Review the email addresses on your account and alert settings regularly.
  • Use master list and certificate exports to keep your own copies of critical qualification data.
  • Limit who can sign in to your organisation's workspace.

Reporting a vulnerability

If you believe you've found a security issue, please email security@welddoc.in with steps to reproduce. Please give us a reasonable window to investigate and respond before public disclosure.

Note: Weld.Doc is in active development. This page describes current security practices and will be updated as the product matures. It is not a certification or a legal warranty.

Weld.Doc © 2026

← Back to home