Trust & Security

Sacred music deserves
sacred stewardship

Cantori handles payments, tax documents, and parish data with the same reverence we bring to the liturgy. Here is exactly how we protect what you entrust to us.

Payment Security

Cantori never touches
your card number

All payment processing is handled by Stripe, the industry standard for online payments. Cantori never stores, processes, or even sees your credit card number. Card data goes directly from your browser to Stripe's servers — we receive only a token that represents the transaction.

PCI DSS Level 1
Highest certification tier
Stripe holds PCI DSS Level 1 certification — the highest standard in the payment industry, requiring annual on-site audits and quarterly network scans.
Tokenization
No raw card data stored anywhere
Every payment is tokenized by Stripe before it reaches Cantori's systems. The token is meaningless outside Stripe's infrastructure — it cannot be reversed into card data.
Stripe Connect
Direct musician payouts
Musician disbursements flow through Stripe Connect — the same rails used by Lyft, Shopify, and major marketplaces. Stripe handles identity verification, 1099 generation, and direct bank transfers.
Fraud Protection
Stripe Radar on every transaction
Stripe Radar uses machine learning trained on hundreds of billions of data points to block fraudulent transactions before they complete — with no configuration required from Cantori.

User Data Protection

Your data is yours.
The database enforces it.

Cantori's backend is built on Supabase, a PostgreSQL platform that enforces Row-Level Security (RLS). RLS means that access control is not just in our application code — it is built into the database itself. Even if a bug existed in application logic, the database would reject queries that cross user boundaries.
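To make the claim above concrete, here is an added example of what a database-enforced user boundary looks like in PostgreSQL with Row-Level Security, written in the style Supabase uses. This is illustrative code, not Cantori's own schema or policies: the table, its columns and the policy names are hypothetical, and auth.uid() is the Supabase helper that returns the calling user's id from the request JWT (on plain PostgreSQL, a session setting read with current_setting() plays the same role).

```sql
-- Added example, not Cantori's schema. Table and column names are hypothetical.
-- auth.uid() is Supabase's helper returning the caller's user id from the JWT;
-- on plain PostgreSQL substitute e.g. current_setting('app.current_user_id', true)::uuid.

create table public.payouts (
  id           uuid primary key default gen_random_uuid(),
  musician_id  uuid not null references auth.users (id),
  amount_cents integer not null check (amount_cents > 0),
  created_at   timestamptz not null default now()
);

-- 1. Turn RLS on. With RLS enabled and no policies, every row is denied to
--    every caller except the table owner and superusers: the default is "nothing".
alter table public.payouts enable row level security;

-- 2. Apply the policies to the table owner too, so a connection that happens
--    to use the owner role cannot bypass them by accident.
alter table public.payouts force row level security;

-- 3. A musician may read only their own payouts. USING is evaluated per row
--    on every SELECT, so an application bug that forgets a WHERE clause still
--    yields only the caller's rows.
create policy payouts_select_own
  on public.payouts
  for select
  to authenticated
  using (musician_id = auth.uid());

-- 4. A musician may insert only rows tagged with their own id. WITH CHECK is
--    evaluated on the new row, so an INSERT carrying another musician_id is
--    rejected by the database regardless of what the application sends.
create policy payouts_insert_own
  on public.payouts
  for insert
  to authenticated
  with check (musician_id = auth.uid());

-- No UPDATE or DELETE policy exists, so those statements are denied for the
-- authenticated role entirely; granting them requires an explicit policy.

-- Verifying the boundary from psql (constructed session, hypothetical id):
--   set role authenticated;
--   set request.jwt.claims = '{"sub":"11111111-1111-1111-1111-111111111111"}';
--   select * from public.payouts;   -- returns only rows where musician_id matches
--   insert into public.payouts (musician_id, amount_cents)
--     values ('22222222-2222-2222-2222-222222222222', 100);
--   -- ERROR: new row violates row-level security policy for table "payouts"
```

The design point is that the application role never holds a privilege the policies do not grant: the database, not the web tier, decides which rows a query can see or write, which is exactly the property the paragraph above describes.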

Tax & Compliance

SSNs and EINs are encrypted.
Always.

Cantori automates 1099-NEC generation for musician payouts. This requires handling sensitive tax identifiers. We treat this data with the strictest controls in our stack.

In Transit & At Rest

Encrypted in motion.
Encrypted at rest.

Security does not begin and end at the login screen. Every bit of data Cantori handles is protected at each point in its lifecycle.

TLS 1.3
All traffic over HTTPS
Every connection between your browser and Cantori is encrypted using TLS 1.3 — the current gold standard for transport security. Plain HTTP is rejected and redirected.
Database Encryption
Encrypted at rest by default
The Cantori database is hosted on Supabase with AES-256 encryption at rest. Disk-level encryption means data remains protected even if physical storage were compromised.
Backups
Encrypted backup chain
Database backups are encrypted with the same standards as production data. Backup restoration is verified regularly. Point-in-time recovery is available for disaster scenarios.
Infrastructure
SOC 2 Type II providers
Cantori runs on Render (hosting) and Supabase (database), both of which maintain SOC 2 Type II compliance — meaning independent auditors verify their security controls on an ongoing basis.

What We Don't Do

Your data has one purpose.
This platform.

Many platforms monetize user data as a secondary revenue stream. Cantori does not. Sacred music communities deserve a platform that treats their information with the discretion appropriate to a professional and pastoral context.

Responsible Disclosure

Found something?
Tell us first.

We believe in coordinated disclosure. If you discover a security vulnerability in Cantori, we ask that you contact us privately before making any public disclosure. This gives us the opportunity to address the issue and protect users before it becomes known to those who might exploit it.

Email your report to guillermo@cantusfirmus.app. Please include a description of the vulnerability, the steps to reproduce it, and the potential impact. We respond within 48 hours and acknowledge researchers who report valid vulnerabilities on this page.

We ask that you do not access, modify, or delete data that does not belong to you; do not disrupt service for other users; and do not demand payment as a condition of disclosure. Researchers who act in good faith will be acknowledged publicly and treated with respect.

Honest Status

Pre-launch. Transparent
about what that means.

Cantori is in active development and has not yet launched to the public. We believe in being honest about this rather than presenting a false posture of security maturity that would mislead early users.

Current Status — May 2026

Cantori is pre-launch. The security architecture described on this page — Stripe payments, database Row-Level Security, encrypted tax identifiers, TLS, and SOC 2 provider infrastructure — reflects the design we are building toward, not features fully deployed in production today. As we approach production launch, this page will be updated with: audit dates, penetration test results, and specific verification that each protection described here is live and tested. We will not claim security properties we cannot verify.

Contact

Security questions
and concerns

We take security questions seriously. If you have a concern about how your data is handled, a question about a specific protection, or a report to make, reach out directly. We are a small team and we read every message.