Security Settings

Supabase Auth handles all authentication. All sessions use short-lived JWTs with automatic refresh. We do not store plaintext passwords.

If you believe a team member's account has been compromised, remove them from Settings → Members immediately—this invalidates their access token on the next gateway request.