
How Liru Protects Your Interior Design Projects

April 4, 2026 · 6 min read

Why security matters for interior designers

Interior design projects contain sensitive data: home addresses, floor plans, budgets, personal preferences, family details. Your clients trust you with intimate access to their lives. That trust extends to every tool you use.

Most designers don't think about data security until something goes wrong. A shared Google Drive link leaks. An email with budget details goes to the wrong person. A former employee still has access to client files. These aren't hypothetical – they happen every day.

How Liru handles security

Row-level security on every table

Every piece of data in Liru is protected by row-level security (RLS). This means that even if someone finds a database endpoint, they can only access data that belongs to them. A designer can only see their own projects. A client can only see their own portal. There are no shortcuts, no backdoors, no "admin can see everything" loopholes.

PIN-protected client portals

Clients access their portal through a unique link with a PIN code. No account creation, no passwords to remember, no app to download. The PIN is validated with a timing-safe comparison so response times reveal nothing about the correct value, PIN entry is rate-limited to prevent brute-force guessing, and portals can be set to expire after a deadline.

Multi-factor authentication (MFA)

Designer accounts support TOTP-based multi-factor authentication. Enroll in Settings, and every login requires both your password and a code from your authenticator app. This prevents unauthorized access even if your password is compromised.

GDPR compliance built in

Liru follows GDPR best practices from day one:

**Data minimization** – we only collect what's needed to provide the service

**Right to deletion** – delete your account and all data is permanently removed (cascade delete across all projects, rooms, products, presentations, and client data)

**Data portability** – export your project data at any time

**EU servers** – all data stored on EU-based infrastructure (AWS eu-central-1)

Password policy

All accounts require passwords with a minimum of 8 characters, at least one uppercase letter, and at least one digit. This prevents the most common weak passwords while staying practical.

What we learned from our security audit

In April 2026, we conducted a comprehensive red team audit of the platform. Three vulnerabilities were found and fixed:

1. **Portal rate limiting** – PIN entry was rate-limited to prevent automated guessing attacks

2. **Timing-safe PIN comparison** – PIN validation was updated to use constant-time comparison, preventing timing side-channel attacks

3. **Survey size limits** – Upload size limits were enforced on survey responses to prevent denial-of-service through oversized payloads

We also added 8 database indexes to improve query performance and reduce the attack surface of slow queries.
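
The first two audit fixes, together with the portal expiry described earlier, fit into a single PIN check. The sketch below is an added example, not Liru's code; the class name, the attempt limit and the lockout window are assumptions, and the PIN is a constructed sample.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5            # assumed value; the article gives no number
LOCKOUT_SECONDS = 15 * 60   # assumed value


class PortalGate:
    """Hypothetical PIN gate for a single client portal link."""

    def __init__(self, pin, expires_at, clock=time.time):
        self._salt = os.urandom(16)
        self._digest = self._hash(pin)   # the plain PIN is not kept
        self._expires_at = expires_at
        self._clock = clock
        self._failures = 0
        self._locked_until = 0.0

    def _hash(self, pin):
        return hmac.new(self._salt, pin.encode("utf-8"), hashlib.sha256).digest()

    def check(self, submitted_pin):
        now = self._clock()
        if now >= self._expires_at:
            return "expired"
        # The counter is per portal, not per IP, so guesses spread across
        # many clients still share one budget.
        if now < self._locked_until:
            return "locked"          # the PIN is not evaluated while locked
        # Fixed-length digests compared in constant time: the response time
        # does not reveal how many leading characters matched.
        if hmac.compare_digest(self._hash(submitted_pin), self._digest):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._locked_until = now + LOCKOUT_SECONDS
            self._failures = 0
        return "denied"


if __name__ == "__main__":
    gate = PortalGate("4821", expires_at=time.time() + 3600)  # constructed PIN
    print([gate.check(guess) for guess in ("0000", "1111", "4821")])
```

Constant-time comparison and rate limiting address different problems: the first removes the timing signal, the second caps how many guesses an automated client gets. A short PIN needs both.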

Your data, your control

Liru is built on a simple principle: **your data belongs to you**. We don't analyze your projects for advertising. We don't share client information with third parties. We don't train AI models on your design work.

When you delete a project, it's gone. When you delete your account, everything goes with it. No 90-day retention, no "we keep backups just in case." Gone.

Security is ongoing

Security isn't a feature you ship once – it's a practice. We continuously monitor, audit, and improve our security posture. If you find a vulnerability, contact us at security@liru.app.

Try Liru with confidence

Everything described in this article is live in the platform today – not a roadmap, not a future plan. Row-level security, PIN-protected portals, MFA, GDPR-compliant deletion, and the hardening from our red team audit are all part of the current product. We built security into the architecture from the start because we understand what's at stake: your clients' homes, finances, and personal information.

We know that trusting a new platform with sensitive project data takes a leap of faith. That's why we've been transparent about our security practices, our audit findings, and our approach to data ownership. Your projects are yours. Your clients' data is theirs. We are the infrastructure, not the owner.

If you've been hesitant to move from local files and emails to a cloud platform, we built Liru to earn exactly that trust. Early access is open – bring a test project, explore the security settings, and see for yourself how it works.
