Recurr is built on commodity infrastructure with strong default postures. This page lists what’s in the stack and where to look for each component’s security and compliance documentation.Documentation Index
Fetch the complete documentation index at: https://recurr.dev/docs/llms.txt
Use this file to discover all available pages before exploring further.
Hosting
- Vercel for the web application layer (admin dashboard, customer dashboards, branded checkout)
- Vercel Edge Network for globally-distributed page serving + DNS/SSL termination
- Vercel’s compliance documentation: vercel.com/legal/dpa (DPA), SOC 2 Type II reports available under NDA
Database + auth
- Supabase (managed Postgres + auth + RLS)
- Postgres 17, with row-level security policies enforcing tenant isolation
- Supabase’s compliance documentation: SOC 2 Type II reports available; HIPAA + GDPR documentation on request
- Encryption at rest (AES-256) and in transit (TLS 1.2+) by default
Payments
- Stripe Connect Standard for payment processing, with a Stripe account in your company’s name
- Stripe is a Level 1 PCI DSS-compliant service provider. Card data never touches Recurr or your infrastructure — Stripe’s hosted card entry handles tokenization.
- Stripe’s compliance documentation: stripe.com/docs/security/stripe
Email delivery
- Resend for transactional + marketing email send (audit delivery, Migration Review confirmations, migration emails)
- TLS in transit; sender authentication via DKIM, SPF, and DMARC for the sending domain
- Resend’s security documentation: resend.com/docs/security
Application code
- Next.js 15 (App Router) for both the marketing site and product application
- TypeScript end-to-end
- Source control on GitHub; deployments via Vercel CI/CD
- Code review on every change; no direct-to-production paths