Security

Multi-tenant by design,
not bolted on later.

Every club’s data is isolated at the database layer. Staff only access their club; platform admins have audited, role-gated tools.

Security questions?Platform features

Row Level Security (RLS)

Supabase Postgres policies enforce tenant boundaries. Club staff queries are scoped to their club_id; sensitive tables require authenticated roles with explicit policies.

Role-based access

Club roles (owner, admin, staff) and platform roles (super admin, support) map to real operational needs. Permissions are checked in the app and reinforced in the database.

Separate product brands

Fairwayr Clubs (B2B) runs on fairwayr.clubs infrastructure. The Fairwayr community app on fairwayr.com is a related but separate consumer product. Where the two connect, access is tightly controlled at the database layer.

Operational practices

We use sales-assisted onboarding, audit-friendly conversion tracking, and controlled activation so clubs are not left in ambiguous half-provisioned states.

Multi-tenant by design,not bolted on later.

Row Level Security (RLS)

Role-based access

Separate product brands

Operational practices

Multi-tenant by design,
not bolted on later.