Security
Built for institutional trust.
PE firms and portfolio companies share highly sensitive organizational intelligence through Wexler Gray. Our security architecture is designed to match the confidentiality expectations of that audience.
How we protect data
Security by design.
Encrypted end to end
All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. No assessment data is ever transmitted or stored in plaintext.
Row-level security
Access controls are enforced at the database layer using row-level security policies. A PE firm user cannot access data belonging to another PE firm. Portfolio company users see only data scoped to their organization.
No passwords stored
Authentication uses a passwordless magic link model. We never store passwords. There are no credentials to compromise through phishing or credential stuffing.
Audit logging
All data access events are logged with user identity, timestamp, and action. Audit logs are immutable and retained for 12 months. They are available to authorized client contacts on request.
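Added example, not Wexler Gray's code or schema: one way to build an audit table in PostgreSQL that records the fields named above (user identity, timestamp, action), that ordinary application roles can only append to, and whose 12-month retention is met by dropping monthly partitions rather than by row deletes. The schema, table, column and role names, and the constructed sample rows, are assumptions of this example.

```sql
-- Added example (assumed names); not Wexler Gray's audit implementation.
create schema if not exists audit;

-- Partitioned by month so that retention is a partition drop, which fires no
-- row-level trigger and needs no DELETE privilege on the log itself.
create table audit.access_log (
    id          bigint generated always as identity,
    occurred_at timestamptz not null default now(),
    actor_id    uuid not null,                       -- authenticated user identity
    action      text not null check (action in ('read', 'create', 'update', 'export')),
    object_type text not null,
    object_id   text,
    detail      jsonb,
    primary key (id, occurred_at)
) partition by range (occurred_at);

create table audit.access_log_2025_01 partition of audit.access_log
    for values from ('2025-01-01') to ('2025-02-01');
create table audit.access_log_2025_02 partition of audit.access_log
    for values from ('2025-02-01') to ('2025-03-01');

-- Immutability, layer 1: privileges. The application role gets INSERT only.
revoke all on audit.access_log from public;
-- grant insert on audit.access_log to <application_role>;  -- role name is deployment-specific

-- Immutability, layer 2: a trigger that rejects UPDATE and DELETE even from a
-- role that holds those privileges (the table owner included).
create or replace function audit.reject_mutation() returns trigger
language plpgsql as $$
begin
    raise exception 'audit.access_log is append-only (% on id % refused)', tg_op, old.id;
end $$;

create trigger access_log_immutable
    before update or delete on audit.access_log
    for each row execute function audit.reject_mutation();

-- Constructed sample events (explicit timestamps so they land in a partition).
insert into audit.access_log (occurred_at, actor_id, action, object_type, object_id, detail) values
  ('2025-01-15 09:30:00+00', 'cccccccc-cccc-cccc-cccc-cccccccccccc', 'read',
   'operator_response', '42', '{"fields": ["score"]}'),
  ('2025-02-03 14:05:00+00', '11111111-1111-1111-1111-111111111111', 'export',
   'synthesis_output', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', null);

-- Both statements now fail with "audit.access_log is append-only":
-- update audit.access_log set action = 'read' where id = 2;
-- delete from audit.access_log where id = 1;

-- Retention after 12 months: a scheduled job run by a separate maintenance role
-- drops the partition that has aged out. That job is the one privileged path and
-- should itself be logged and reviewed.
-- drop table audit.access_log_2025_01;
```

Row triggers cannot observe SELECT statements, so "read" events in a table like this come from the application layer recording them; if read logging is wanted at the database layer as well, the pgaudit extension is the usual PostgreSQL mechanism. Whether Wexler Gray uses either approach is not stated on this page.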
Role-based access
Platform access is governed by three roles: PE firm operating team, portfolio company leadership, and Operator Consortium member. Each role sees only the data relevant to its function. Roles are assigned by Wexler Gray and cannot be self-elevated.
Blind scoring model
Operator assessment submissions are locked from other operators and from portfolio company users until synthesis is complete. The blind model is enforced at the data access layer, not only in the interface.
Infrastructure
Enterprise-grade foundations.
The Wexler Gray platform runs on Supabase-hosted PostgreSQL infrastructure, providing a managed, enterprise-grade database with built-in row-level security, automated backups, and SOC 2 Type II compliance at the infrastructure layer. The application layer is deployed via Vercel, providing isolated edge network delivery, automatic TLS, and DDoS mitigation.
Assessment data is stored in a dedicated schema with row-level security policies enforced by the database engine. Application-level access checks are implemented as an additional layer, but the database enforces isolation independently — so even a misconfigured application query cannot return data belonging to a different client.
Authentication is handled via Supabase Auth. Access tokens are short-lived and scoped to the authenticated user's role and organization. Magic links expire after a single use. Sessions are invalidated on sign-out and subject to automatic expiry after a configurable inactivity period.
Assessment data isolation
The blind model is technical, not procedural.
Operator Consortium members submit assessments independently and without visibility of other operators' responses. This blind model is not simply a workflow rule — it is enforced at the data access layer. Operator responses are locked against cross-operator reads until Wexler Gray explicitly triggers synthesis, at which point the synthesis engine aggregates responses without exposing individual submissions to other operators.
Portfolio company users have read access to synthesised assessment outputs and Bearing interpretations only where explicitly granted by the instructing PE firm. They have no access to individual operator responses, operator identities, or unaggregated scoring data at any point.
PE firm users have access to all data within their portfolio scope and no access to data outside it. Cross-portfolio data is visible only to PE firm users with explicit cross-portfolio permissions, assigned by Wexler Gray.
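Added example, not Wexler Gray's schema or code. It expresses the isolation described under "Row-level security", "Infrastructure" and this section as PostgreSQL row-level security policies: each PE firm scoped to its own rows, operator submissions invisible to other operators before and after synthesis, a server-side synthesis role that can read across operators, and portfolio company users reading synthesised output only where the instructing firm has recorded a grant. Everything specific here is an assumption of the example: the schema, table, column and role names, the three role labels, the session settings `app.role`, `app.org_id` and `app.user_id` that the application is assumed to set per connection after validating the access token, and the constructed sample rows.

```sql
-- Added example (assumed names); not Wexler Gray's schema.
create schema if not exists assessment;

create table assessment.operator_response (
    id              bigserial primary key,
    pe_firm_id      uuid not null,     -- instructing PE firm (the tenant)
    portfolio_co_id uuid not null,     -- company being assessed
    operator_id     uuid not null,     -- submitting Operator Consortium member
    score           integer not null check (score between 1 and 5),
    synthesized     boolean not null default false
);
create table assessment.synthesis_output (
    portfolio_co_id uuid primary key,
    pe_firm_id      uuid not null,
    summary         text not null      -- aggregate only, no per-operator detail
);
-- A row here is the PE firm's explicit grant of read access to a portfolio company.
create table assessment.portco_grant (
    portfolio_co_id uuid primary key,
    granted_by_firm uuid not null
);

-- Constructed sample data: two firms, one operator each, one grant (firm A only).
insert into assessment.operator_response (pe_firm_id, portfolio_co_id, operator_id, score) values
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
   'cccccccc-cccc-cccc-cccc-cccccccccccc', 4),
  ('22222222-2222-2222-2222-222222222222', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb',
   'dddddddd-dddd-dddd-dddd-dddddddddddd', 2);
insert into assessment.synthesis_output values
  ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', '11111111-1111-1111-1111-111111111111', 'aggregate A'),
  ('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', '22222222-2222-2222-2222-222222222222', 'aggregate B');
insert into assessment.portco_grant values
  ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', '11111111-1111-1111-1111-111111111111');

-- Caller identity is read from session settings, never from a client-supplied column.
create or replace function assessment.app_role() returns text language sql stable
    as $$ select nullif(current_setting('app.role', true), '') $$;
create or replace function assessment.app_org() returns uuid language sql stable
    as $$ select nullif(current_setting('app.org_id', true), '')::uuid $$;
create or replace function assessment.app_user() returns uuid language sql stable
    as $$ select nullif(current_setting('app.user_id', true), '')::uuid $$;

alter table assessment.operator_response enable row level security;
alter table assessment.operator_response force row level security;  -- binds the owner too
alter table assessment.synthesis_output  enable row level security;
alter table assessment.synthesis_output  force row level security;

-- Weak alternative (do not use): a policy that trusts the application to filter.
-- One forgotten WHERE clause would then return another firm's rows.
-- create policy trust_the_app on assessment.operator_response using (true);

-- PE firm operating team: rows inside its own portfolio scope only.
create policy pe_firm_scope on assessment.operator_response for select
    using (assessment.app_role() = 'pe_firm' and pe_firm_id = assessment.app_org());
create policy pe_firm_output on assessment.synthesis_output for select
    using (assessment.app_role() = 'pe_firm' and pe_firm_id = assessment.app_org());

-- Operator: only its own submissions, and no edits once a row is synthesised.
create policy operator_own on assessment.operator_response for all
    using (assessment.app_role() = 'operator' and operator_id = assessment.app_user())
    with check (assessment.app_role() = 'operator'
                and operator_id = assessment.app_user() and not synthesized);

-- Synthesis engine: a server-side role that may read across operators to aggregate.
create policy synthesis_engine on assessment.operator_response for all
    using (assessment.app_role() = 'synthesis') with check (assessment.app_role() = 'synthesis');

-- Portfolio company: no policy on operator_response at all (so never any rows),
-- and synthesised output only where the instructing firm has granted it.
create policy portco_granted_output on assessment.synthesis_output for select
    using (assessment.app_role() = 'portfolio_company'
           and portfolio_co_id = assessment.app_org()
           and exists (select 1 from assessment.portco_grant g
                       where g.portfolio_co_id = assessment.app_org()));

-- Demonstration as a non-superuser role (superusers bypass RLS entirely).
do $$ begin
    if not exists (select 1 from pg_roles where rolname = 'wg_app') then
        create role wg_app nologin;
    end if;
end $$;
grant usage on schema assessment to wg_app;
grant select, insert, update on assessment.operator_response to wg_app;
grant select on assessment.synthesis_output, assessment.portco_grant to wg_app;

set role wg_app;
select set_config('app.role', 'pe_firm', false),
       set_config('app.org_id', '11111111-1111-1111-1111-111111111111', false);
select count(*) from assessment.operator_response;  -- 1: firm A's row; firm B's is invisible

select set_config('app.role', 'operator', false),
       set_config('app.user_id', 'dddddddd-dddd-dddd-dddd-dddddddddddd', false);
select count(*) from assessment.operator_response;  -- 1: its own row, never the other operator's

select set_config('app.role', 'portfolio_company', false),
       set_config('app.org_id', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', false);
select count(*) from assessment.operator_response;  -- 0: no policy exists for this role
select count(*) from assessment.synthesis_output;   -- 0: company B has no grant
reset role;
```

The point the page makes, that isolation holds even when an application query is wrong, is what `force row level security` plus role-specific policies gives: the application can only narrow what the database already permits, never widen it. The one design decision to check in a real deployment is who may change the session settings the policies read; here they are a placeholder for the identity a verified access token carries, and only the server-side connection layer should set them.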
Responsible disclosure
If you have identified a potential security vulnerability in the Wexler Gray platform, we ask that you report it privately to allow us to investigate and remediate before any public disclosure.
Contact security@wexlergray.com. We respond to all credible reports within 48 hours.