Security

Your Shop Data Is Safe with GarageArc

We built GarageArc with security as a core product concern. This page explains the protections we rely on today to help safeguard shop data, customer information, and day-to-day operations.

Auto repair shops rely on GarageArc for operational records, customer details, vehicle information, and other business data. We take that responsibility seriously and aim to use practical, product-level safeguards that fit the current platform architecture.

This page is a plain-language summary of our current security approach. It should be read together with our Privacy Policy, Terms of Service, and Trust Center.

Important note

Security practices evolve over time. We update this page as the product, infrastructure, and internal processes mature.

1. Our Commitment

GarageArc is designed for independent shops and multi-user teams, which means data protection has to cover both product access and day-to-day operational visibility. We focus on reducing unnecessary access, maintaining clear tenant boundaries, and keeping useful records of important activity.

  • Practical controls: We prioritize protections that are already part of the shipped product and supporting services.
  • Least privilege mindset: Access is aligned to job function wherever possible.
  • Ongoing improvement: We continue to refine security controls as the platform grows.

2. Authentication and Account Security

GarageArc uses Supabase Auth for account authentication. Users sign in with their account credentials, and session management is handled through the platform's managed authentication flow.

What this means in practice

  • Password-based sign-in is supported through the current login flow.
  • Authentication events, including successful and failed login attempts, are recorded for audit purposes.
  • Password reset and account recovery flows are supported through the existing auth stack.

Customers are responsible for using strong passwords, protecting account credentials, and notifying GarageArc quickly if they suspect unauthorized access.

3. Access Control

GarageArc applies role-based access control inside the application. Current roles include admin, manager, and user, and access to features and records is limited according to those permissions.

  • Admin-only areas: Sensitive administrative areas, including `/admin/*` pages and audit visibility, are restricted to administrators.
  • Role-aware UI and logic: User-facing actions and data visibility are conditioned on the authenticated role.
  • Operational separation: Team members should only be granted the minimum level of access needed for their work.

4. Tenant Isolation

GarageArc is built as a multi-tenant platform. Tenant context is enforced in the application layer so that each shop operates within its own business boundary.

  • Tenant-aware requests: Authenticated requests carry tenant context used by the backend.
  • Business separation: Shop data is handled within the scope of the associated tenant.
  • Protected tables: Sensitive data paths are documented with row-level protections in the project specification.

5. Auditability

GarageArc keeps audit records for important application activity. This improves traceability for administrative actions and helps support internal review when incidents or data questions arise.

  • Global audit system: The backend includes automatic audit interception for relevant actions.
  • Login visibility: Login success and failure events are logged.
  • Restricted access to logs: Audit log viewing is limited to authorized administrators.

6. Security Operations

GarageArc relies on a combination of application controls and managed service providers to support secure operation of the platform. We review current behavior, prioritize fixes, and use conservative public statements so that our documentation stays aligned with what is actually implemented.

When issues are identified, we evaluate scope, prioritize remediation, and communicate with affected customers when appropriate for the situation.

7. Shared Responsibility

Security in a shop management platform is shared between GarageArc and each customer organization. GarageArc is responsible for the platform and its service architecture, while customers remain responsible for how accounts are provisioned and used in their business.

  • Review and remove unnecessary user access promptly.
  • Use unique, strong passwords for each user account.
  • Contact us immediately if you suspect account misuse or unusual activity.

8. Reporting and Contact

If you have a security question, need to report suspicious activity, or want to discuss GarageArc's current security practices, contact GarageArc LLC using the channels below.

Security and trust questions: contact@garagearc.com

Account access or urgent support: support@garagearc.com

Last updated March 10, 2026


Need security details for your shop or group?

Review our related policies or contact GarageArc directly for questions about current product safeguards and operational practices.
