Security Encryption English

End-to-End Data Security & Encryption — How defte.co Protects Your Data

defte.co · June 2026 ~8 min read

defte.co is an international online appointment system available to salon owners worldwide — Turkey, Russia, Georgia, Germany, and beyond. Appointment data, customer records, and business information are protected by multi-layer encryption and security infrastructure that meets international standards.

Scope: This article explains how defte.co protects your data technically and conceptually. Our security infrastructure applies to users in Turkey, the EU (GDPR), Russia, and all other regions.

Encryption Layers

🔒 Transport Encryption (TLS 1.3) All data in transit between your browser and defte.co servers is encrypted with TLS 1.3. Safe to use on public Wi-Fi — network eavesdropping attacks cannot access your data.

🗄️ Database Encryption (AES-256) Supabase (PostgreSQL-based) stores the entire database encrypted with AES-256-GCM. Even physical server access cannot reach raw data.

🔑 Row-Level Security (RLS) At the database level, each salon owner can only access their own data. SQL-level isolation: another salon owner cannot read your records.

📱 Push Encryption (VAPID / FCM) Mobile and web push notifications are sent over encrypted channels. VAPID (web) and FCM (Android) standards ensure delivery only to the target device.

What Data Is Protected?

Appointment records: Date, time, service, and salon information — accessible only by the relevant salon owner.
Customer information: Name, phone number, email — isolated by RLS policy.
Business data: Service lists, staff records, working hours — access limited per salon.
Payment information: defte.co does not store card numbers or banking details. Payments are processed through independent secure payment infrastructure.
Login credentials: Passwords are never stored in plain text; secure hash algorithms are used (bcrypt / argon2).

Row-Level Security (RLS) — Cross-Salon Data Isolation

RLS is defte.co's most critical security layer. It operates at the PostgreSQL database level: every SQL query automatically receives a filter of "show only this salon's data."

This means the database itself guarantees isolation, rather than relying solely on application code. Even if there were a bug in application code, a malicious actor could not access another salon's data.

Example scenario: A hair salon in Istanbul and a beauty salon in Berlin may both use the platform, but they cannot access each other's appointment lists, customer phone numbers, or business information. RLS enforces this guarantee at the database level.

Why Supabase Was Chosen for Security

defte.co uses Supabase as its backend infrastructure. Supabase security features include:

SOC 2 Type II certified data centre infrastructure
Global infrastructure hosted on AWS with geographic redundancy
Automatic backups (daily backup + 7-day retention)
Zero-trust network architecture: each service is isolated from others
Edge Functions: sensitive operations run in secure server environments, not in the browser

International Compliance

defte.co is a platform usable worldwide, not just in Turkey. It is built on an infrastructure that complies with data protection regulations across different regions:

🇹🇷 KVKK (Turkey) Compliant with Turkish Personal Data Protection Law: data protection, minimal data collection, access control.

🇪🇺 GDPR (European Union) Data minimisation, transparency, and secure storage principles are applied. Infrastructure is suitable for use from EU countries.

🌍 Other Regions Salon owners from Georgia, Russia, Gulf countries, USA, and all other countries can use the same security infrastructure.

Account Deletion and Data Portability

When a salon owner wants to delete their account, they can submit a request via defte.co/account-deletion. After the request is confirmed:

Appointment records and customer data are permanently deleted from the system within 30 days.
Push notification subscriptions and device registrations are deleted immediately.
Email address and authentication record are removed from the system.

Start with Confidence

defte.co is an international appointment system with multi-layer security infrastructure, available to salon owners safely from anywhere in the world.