Security Policy

Infrastructure Security

• ✓Cloud Native: Our infrastructure runs on Vercel and Supabase, utilizing world-class data centers with SOC 2 Type II certification.
• ✓DDoS Protection: Automated mitigation of distributed denial-of-service attacks at the edge.
• ✓Encryption at Rest: All database volumes and backups are encrypted using AES-256.
• ✓Encryption in Transit: All data transmitted between your client and our servers is encrypted using TLS 1.2/1.3.

Application Security

• ✓Authentication: We use Supabase Auth (based on GoTrue) for secure, token-based authentication. We never store raw passwords.
• ✓Row Level Security (RLS): strict database policies ensure users can only access their own data and authorized public content.
• ✓Input Validation: Rigorous sanitization of all user inputs to prevent SQL injection and XSS attacks.

Compliance

We are committed to complying with major data protection regulations.

• GDPRWe process data in accordance with the General Data Protection Regulation. You have the right to request data deletion at any time.
• CCPAWe honor California Consumer Privacy Act requirements regarding personal information disclosure.