Trust & Security at BreakdownCentral
Last updated: June 18, 2026
This page is maintained by BreakdownCentral to answer common security and privacy questions about our production-management platform. It describes practices currently in place — it is not an independent certification or audit report.
1. Security Overview
BreakdownCentral helps theatre and film teams manage productions, cast, crew, breakdowns, and call sheets. Protecting the data you and your collaborators entrust to us is core to how we build and operate the platform.
Security at BreakdownCentral is a shared responsibility. We secure the application code, access controls, and integrations we ship. Our infrastructure provider (Supabase) secures the underlying database, authentication service, and hosting layer. You and your team are responsible for choosing strong passwords, managing who you invite into your tenant, and assigning appropriate roles.
2. Access & Authentication
- Authentication is handled by Supabase Auth using industry-standard password hashing.
- Sessions use signed JWTs; tokens are stored client-side and refresh automatically.
- Role-based access control: owner, admin, director, user, and actor roles scope what each member can see and do inside a tenant.
- Roles are stored in a dedicated user_roles table and checked through a security-definer database function; they cannot be self-assigned from the client.
- Database row-level security (RLS) policies enforce tenant isolation: members of one production company cannot read or modify another tenant's data.
- Password resets are sent via verified email links with short expiration windows.
3. Platform & Hosting
- Application data is stored in Supabase-managed PostgreSQL.
- Server-side logic runs in serverless edge functions, scoped per request.
- All traffic between your browser and BreakdownCentral is encrypted in transit (HTTPS / TLS).
- Data at rest is encrypted by our hosting providers using their managed encryption.
- Privileged service credentials are kept server-side only and are never exposed to the browser bundle.
4. Availability & Reliability
- BreakdownCentral targets best-effort reliability suitable for production planning. We do not currently offer a contractual uptime SLA.
- Our hosting and database providers maintain their own redundancy, backup, and monitoring infrastructure.
- We monitor application errors and respond to incidents that affect availability or data integrity.
5. Data Collection & Use
- We collect only the information you provide: account details, production data, cast and crew records, scenes, resources, call sheets, and messages you send through the platform.
- Payment details are handled directly by Stripe; we never see or store card numbers.
- We do not sell personal information, and we do not use your production data to train advertising or behavioral profiles.
- Service emails and SMS are sent only for purposes you initiate (invitations, call sheets, audition updates, account messages).
6. Subprocessors & Integrations
- Supabase — database hosting, authentication, file storage.
- Stripe — subscription billing and payment processing.
- Twilio — SMS delivery for call sheets and audition notifications.
- SendGrid — transactional email delivery.
Each subprocessor receives only the data required for its function (e.g. Twilio receives phone numbers and message contents for SMS you initiate).
7. Cookies & Analytics
- We use essential cookies and local storage to keep you signed in.
- We do not run advertising trackers or third-party behavioral analytics.
- You can clear cookies and site storage from your browser at any time.
8. Retention & Deletion
- Your data is retained for as long as your account is active.
- After account termination we retain data for up to 30 days to support recovery, then delete it from our active systems.
- You can request earlier deletion by emailing support@breakdowncentral.com.
- Backups held by our infrastructure providers are rotated on their schedule and aged out over time.
9. Privacy Requests
- Access a copy of your personal data.
- Correct information that is inaccurate.
- Delete your account and associated personal data.
- Opt out of non-essential communications.
Send privacy requests to support@breakdowncentral.com. See our Privacy Policy for full details.
10. Security Contact
To report a vulnerability or ask a security question, email security@breakdowncentral.com. Please include enough detail for us to reproduce the issue. We appreciate responsible disclosure and will acknowledge legitimate reports.