Security

Security Policy

This policy explains the security posture for the HomeyPoints marketing site and contact form.

Data minimization

The public site asks only for contact-form information needed to respond to service inquiries: name, email, brokerage, zip code, and message.

Do not submit passwords, payment card numbers, bank account details, Social Security numbers, sensitive legal documents, health information, or other sensitive data through the form.

Server-side secrets

Supabase service-role keys and other secrets are intended to be stored server-side only through environment variables.

The repository should not contain production secrets.

Reporting security issues

Report suspected security issues to hello@homeypoints.com. Include enough detail to understand the issue, but do not exploit, access, or disclose data that does not belong to you.