bitcain docs

Security & KYC

Know Your Customer verification, identity documents, and security controls.

15 tables in this group.

kyc_profiles

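| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | gen_random_uuid() |
| user_id | uuid | No | |
| tier | text | No | 'basic'::text |
| status | text | No | 'verified'::text |
| email_verified | bool | Yes | false |
| mfa_enabled | bool | Yes | false |
| created_at | timestamptz | No | now() |
| updated_at | timestamptz | No | now() |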

RLS Policies:

  • Users can insert their own kyc profile — INSERT for {public}
  • Users can update their own kyc profile — UPDATE for {public}
  • Users can view their own kyc profile — SELECT for {public}

Indexes:

  • idx_kyc_profiles_user_id
  • kyc_profiles_pkey
  • kyc_profiles_user_id_key

kyc_verifications

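| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | gen_random_uuid() |
| user_id | uuid | No | |
| tier | int4 | No | 0 |
| status | text | No | 'verified'::text |
| verification_type | text | Yes | 'email'::text |
| verified_at | timestamptz | Yes | |
| expires_at | timestamptz | Yes | |
| created_at | timestamptz | No | now() |
| updated_at | timestamptz | No | now() |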

RLS Policies:

  • Users can insert their own kyc verifications — INSERT for {public}
  • Users can update their own kyc verifications — UPDATE for {public}
  • Users can view their own kyc verifications — SELECT for {public}

Indexes:

  • idx_kyc_verifications_user_id
  • kyc_verifications_pkey
  • kyc_verifications_user_id_key

kyc_documents

Stores metadata for user-uploaded KYC documents (files in Supabase Storage) - used for Tier 2 verification

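| Column | Type | Nullable | Default |
|---|---|---|---|
| id | int8 | No | |
| user_id | uuid | No | |
| document_type | text | No | |
| storage_path | text | No | |
| file_name | text | No | |
| file_size_bytes | int8 | No | |
| mime_type | text | No | |
| document_number | text | Yes | |
| issuing_country | text | Yes | |
| issue_date | date | Yes | |
| expiry_date | date | Yes | |
| verification_status | text | No | 'pending'::text |
| verified_by | uuid | Yes | |
| verified_at | timestamptz | Yes | |
| rejection_reason | text | Yes | |
| metadata | jsonb | Yes | '{}'::jsonb |
| uploaded_at | timestamptz | No | now() |
| updated_at | timestamptz | No | now() |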

RLS Policies:

  • Admins can update KYC documents — UPDATE for {public}
  • Admins or users can view KYC documents — SELECT for {public}
  • Users can upload their own KYC documents — INSERT for {public}

Indexes:

  • idx_kyc_documents_verified_by
  • kyc_documents_pkey

kyc_reviews

Tracks manual admin reviews of KYC documents for tier upgrades

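| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | gen_random_uuid() |
| user_id | uuid | No | |
| document_id | int8 | Yes | |
| reviewer_id | uuid | Yes | |
| old_tier | int4 | No | |
| new_tier | int4 | No | |
| review_status | text | No | |
| review_notes | text | Yes | |
| reviewed_at | timestamptz | Yes | |
| created_at | timestamptz | No | now() |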

RLS Policies:

  • Admins can delete reviews — DELETE for {public}
  • Admins can insert reviews — INSERT for {public}
  • Admins can update reviews — UPDATE for {public}
  • Admins or users can view reviews — SELECT for {public}

Indexes:

  • idx_kyc_reviews_document_id
  • idx_kyc_reviews_reviewer_id
  • idx_kyc_reviews_user_id
  • kyc_reviews_pkey

kyc_tier_history

Audit trail of KYC tier changes

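| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | gen_random_uuid() |
| user_id | uuid | No | |
| old_tier | int4 | No | |
| new_tier | int4 | No | |
| reason | text | No | |
| changed_by | uuid | Yes | |
| changed_at | timestamptz | No | now() |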

RLS Policies:

  • Service and admins can insert history — INSERT for {public}
  • Users can view own tier history — SELECT for {public}

Indexes:

  • idx_kyc_tier_history_changed_by
  • idx_kyc_tier_history_user_id
  • kyc_tier_history_pkey

kyc_history

KYC verification status change history

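| Column | Type | Nullable | Default |
|---|---|---|---|
| id | int8 | No | |
| user_id | uuid | No | |
| old_status | kyc_status | Yes | |
| new_status | kyc_status | No | |
| verified_by | uuid | Yes | |
| verification_method | text | Yes | |
| document_type | text | Yes | |
| verification_notes | text | Yes | |
| created_at | timestamptz | No | now() |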

RLS Policies:

  • Admins or users can view KYC history — SELECT for {public}

Indexes:

  • idx_kyc_history_verified_by
  • kyc_history_pkey

mfa_failed_verification_attempts

Track failed MFA verification attempts for security monitoring

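| Column | Type | Nullable | Default |
|---|---|---|---|
| id | int8 | No | |
| user_id | uuid | No | |
| mfa_method | text | No | |
| provided_code | text | Yes | |
| ip_address | text | No | |
| user_agent | text | Yes | |
| failure_reason | text | No | |
| attempted_at | timestamptz | No | now() |
| metadata | jsonb | Yes | '{}'::jsonb |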

RLS Policies:

  • Admins or users can view MFA failures — SELECT for {public}
  • Auth admin can insert MFA failures — INSERT for {supabase_auth_admin}

Indexes:

  • idx_mfa_failed_attempts_user
  • idx_mfa_failed_verification_attempts_user_id
  • mfa_failed_verification_attempts_pkey

blocked_email_domains

Email domains blocked from registration (disposable email providers, etc.)

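| Column | Type | Nullable | Default |
|---|---|---|---|
| id | int8 | No | |
| domain | text | No | |
| reason | text | Yes | |
| blocked_by | uuid | Yes | |
| is_active | bool | No | true |
| added_at | timestamptz | No | now() |
| updated_at | timestamptz | No | now() |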

RLS Policies:

  • Admins can manage blocked email domains — ALL for {public}

Indexes:

  • blocked_email_domains_domain_key
  • blocked_email_domains_pkey

blocked_ip_addresses

IP addresses temporarily or permanently blocked from registration

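| Column | Type | Nullable | Default |
|---|---|---|---|
| id | int8 | No | |
| ip_address | text | No | |
| reason | text | Yes | |
| blocked_by | uuid | Yes | |
| is_active | bool | No | true |
| expires_at | timestamptz | Yes | |
| added_at | timestamptz | No | now() |
| updated_at | timestamptz | No | now() |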

RLS Policies:

  • Admins can manage blocked IP addresses — ALL for {public}

Indexes:

  • blocked_ip_addresses_ip_address_key
  • blocked_ip_addresses_pkey
  • idx_blocked_ip_addresses_blocked_by

compliance_reports

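| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | |
| report_type | varchar(50) | No | |
| report_name | varchar(200) | No | |
| report_period_start | timestamp | No | |
| report_period_end | timestamp | No | |
| jurisdiction | varchar(100) | No | |
| regulatory_body | varchar(200) | Yes | |
| regulation_reference | varchar(100) | Yes | |
| total_users | int4 | Yes | |
| total_transactions | int4 | Yes | |
| total_volume | numeric | Yes | |
| flagged_transactions | int4 | Yes | |
| suspicious_activities | int4 | Yes | |
| executive_summary | text | Yes | |
| detailed_findings | json | Yes | |
| recommendations | json | Yes | |
| attachments | json | Yes | |
| generated_by | uuid | Yes | |
| submitted_by | uuid | Yes | |
| submission_reference | varchar(100) | Yes | |
| status | varchar(20) | Yes | |
| generated_at | timestamp | Yes | |
| submitted_at | timestamp | Yes | |
| created_at | timestamp | No | |
| updated_at | timestamp | Yes | |
| audit_metadata | json | Yes | |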

RLS Policies:

  • compliance_reports_service_all — ALL for {public}

Indexes:

  • compliance_reports_pkey
  • idx_compliance_reports_generated_by
  • idx_compliance_reports_submitted_by
  • ix_compliance_reports_report_type

enforcement_rules

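| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | uuid_generate_v4() |
| rule_id | varchar(255) | No | |
| rule_type | varchar(100) | No | |
| conditions | jsonb | No | |
| action | varchar(50) | No | |
| priority | int4 | Yes | 0 |
| active | bool | Yes | true |
| expires_at | timestamptz | Yes | |
| environment | varchar(50) | Yes | 'staging'::character varying |
| created_by | uuid | Yes | |
| created_at | timestamptz | Yes | now() |
| updated_at | timestamptz | Yes | now() |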

RLS Policies:

  • Admins can manage enforcement rules — ALL for {public}

Indexes:

  • enforcement_rules_pkey
  • enforcement_rules_rule_id_key
  • idx_enforcement_rules_created_by

enforcement_log

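| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | uuid_generate_v4() |
| user_id | uuid | No | |
| resource | varchar(255) | No | |
| action | varchar(255) | No | |
| allowed | bool | No | |
| action_taken | varchar(50) | No | |
| reason | text | Yes | |
| applied_rules | _text | Yes | |
| environment | varchar(50) | Yes | 'staging'::character varying |
| created_at | timestamptz | Yes | now() |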

RLS Policies:

  • Admins can manage enforcement log — ALL for {public}

Indexes:

  • enforcement_log_pkey
  • idx_enforcement_log_user_id

risk_profiles

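| Column | Type | Nullable | Default |
|---|---|---|---|
| risk_profile_id | uuid | No | |
| portfolio_id | uuid | No | |
| risk_tolerance | varchar(20) | No | |
| max_drawdown_percent | numeric | No | |
| volatility_tolerance | numeric | No | |
| rebalancing_frequency_hours | int4 | No | |
| max_position_size_percent | numeric | No | |
| stop_loss_percent | numeric | Yes | |
| preferred_assets | json | Yes | |
| excluded_assets | json | Yes | |
| created_at | timestamp | No | |
| updated_at | timestamp | No | |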

RLS Policies:

  • risk_profiles_service_all — ALL for {public}

Indexes:

  • risk_profiles_pkey
  • risk_profiles_portfolio_id_key

risk_assessments

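| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | gen_random_uuid() |
| user_id | uuid | No | |
| portfolio_id | uuid | Yes | |
| assessment_type | varchar(50) | No | |
| var_value | numeric | Yes | |
| drawdown | numeric | Yes | |
| sharpe_ratio | numeric | Yes | |
| assessed_at | timestamptz | Yes | now() |
| metadata | jsonb | Yes | '{}'::jsonb |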

RLS Policies:

  • Users can insert own risk assessments — INSERT for {public}
  • Users can view own risk assessments — SELECT for {public}

Indexes:

  • idx_risk_assessments_portfolio_id
  • idx_risk_assessments_type
  • idx_risk_assessments_user_id
  • risk_assessments_pkey

risk_alerts

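| Column | Type | Nullable | Default |
|---|---|---|---|
| id | uuid | No | gen_random_uuid() |
| user_id | uuid | No | |
| portfolio_id | uuid | Yes | |
| alert_type | varchar(50) | No | |
| severity | varchar(20) | No | |
| message | text | No | |
| is_acknowledged | bool | Yes | false |
| created_at | timestamptz | Yes | now() |
| acknowledged_at | timestamptz | Yes | |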

RLS Policies:

  • Users can insert own risk alerts — INSERT for {public}
  • Users can view own risk alerts — SELECT for {public}

Indexes:

  • idx_risk_alerts_portfolio_id
  • idx_risk_alerts_severity
  • idx_risk_alerts_user_id
  • risk_alerts_pkey
