Trust

Private by design

Slice.fo is built so the vault stays shut to everyone but verified members. Here's exactly how.

Sealed, private catalog

No product data is sent to logged-out visitors. Server components and API routes verify the session before returning a single product. The public sees the brand — never the inventory.

Row-level security (RLS)

Every table in Postgres is protected by Supabase RLS policies. Members can only read their own orders, items and downloads. Product writes are restricted to admins.

Encrypted private storage

Deliverable files live in a private Storage bucket with no public URL. They are never directly addressable.

Signed, expiring downloads

Downloads are issued as short-lived signed URLs, generated only after we confirm you own the order. Links expire automatically and can be regenerated.

Auth-gated routes

Middleware redirects unauthenticated requests away from every private route, and private pages carry noindex headers so they never reach a search index.

Trusted payments

Card payments run through Stripe Checkout — we never touch raw card data. Fulfilment happens server-side after a verified payment event.

Responsible disclosure

Found a vulnerability? We take it seriously. Email security@slice.fo with details and steps to reproduce. Please don't access member data or disrupt the service while testing.