Security & Data Boundaries | RuinShield
See how RuinShield separates public contractor lookup, browser-local bulk lists, collaborative team workspaces, contractor profiles, and account data.
Security & Data Boundaries
RuinShield separates open public verification features from member-only reports, contractor profiles, checkout-backed access, and admin surfaces. Public visitors can search the directory preview, run the Risk Score preview, and view stats and pricing; member routes require login; and paid workflows require an active entitlement before showing protected reports or contractor tools.
A core principle is the split between open public data and protected intelligence: public licensing and board disciplinary records that any homeowner can already get from a state board stay openly searchable, while member reports, exports, saved lists, contractor analytics, and admin tooling stay behind authentication, entitlement, and role checks.
Checkout flows route through Stripe-backed sessions, and production webhooks must verify signatures before granting entitlements or updating subscription state. Authentication and any payment or webhook secrets are designed to live in server-side configuration and managed secret stores, never in client code or the public bundle.
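The following added example, which is not RuinShield's code, shows the webhook rule above using Stripe's documented `Stripe-Signature` scheme (HMAC-SHA256 over `timestamp.payload`): the entitlement is granted only after the signature and timestamp checks pass. The handler, the in-memory entitlement set, the secret and the event body are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject events outside a five-minute window (replay protection)


def verify_stripe_signature(payload: bytes, header: str, secret: str, now=None) -> bool:
    """Check a Stripe-Signature header ("t=<unix>,v1=<hex>[,v1=<hex>]") against the raw body."""
    timestamp, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if not (timestamp and timestamp.isascii() and timestamp.isdigit() and candidates):
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    signed = timestamp.encode() + b"." + payload  # must be the raw, unparsed request body
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    # Constant-time comparison; more than one v1 value can appear during secret rotation.
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)


def handle_webhook(payload, header, secret, entitlements, now=None) -> int:
    """Hypothetical handler: returns an HTTP status and grants access only after verification."""
    if not verify_stripe_signature(payload, header, secret, now):
        return 400
    event = json.loads(payload)
    if event.get("type") == "checkout.session.completed":
        entitlements.add(event["data"]["object"]["client_reference_id"])
    return 200


def sign(payload: bytes, secret: str, timestamp: int) -> str:
    """Builds a header the way the sender would; used only for the constructed sample."""
    mac = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload, hashlib.sha256)
    return f"t={timestamp},v1={mac.hexdigest()}"


# Constructed sample event and placeholder secret (not real values).
SECRET = "whsec_PLACEHOLDER"
BODY = b'{"type":"checkout.session.completed","data":{"object":{"client_reference_id":"user_123"}}}'
```

In a real deployment the secret would come from server-side configuration or a managed secret store, as the paragraph above requires.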
The product exposes only the public fields needed for contractor lookup, and the bulk screener keeps working lists in your own browser until you choose to export them. Production traffic is intended to be served over HTTPS with data encrypted in transit.
Suspected security issues should be reported through the staged contact routing rather than disclosed publicly. When investigating or reporting, do not access or alter data that is not yours. A dedicated security contact and coordinated-disclosure process will be published when the production domain is configured.