Security Practices

Last updated: February 2026

1. Data Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). Database connections use TLS encryption. Uploaded PDF files are encrypted at rest using AES-256 in our cloud storage. Database backups are also encrypted at rest.

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for all stored files
  • Encrypted database backups with point-in-time recovery
  • API keys and secrets are encrypted and never exposed to clients

2. Access Control

We implement strict multi-tenant data isolation using PostgreSQL Row-Level Security (RLS). Every database table is protected by RLS policies that ensure users can only access data belonging to their organization.

  • Row-Level Security (RLS) on all database tables with 28+ policies
  • Role-based access control (Admin, Operator, Viewer)
  • Session-based authentication with secure HTTP-only cookies
  • API rate limiting to prevent abuse and brute-force attacks
  • Input validation using Zod schemas on all API endpoints
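As an added illustration of the isolation model described in this section (example code written for this page, not the service's actual schema or policies), the following shows how PostgreSQL Row-Level Security confines each authenticated user to the rows of organizations they belong to, with the Admin/Operator/Viewer split enforced in the policies themselves. The `documents` and `org_members` tables, their columns and the `is_org_member` / `has_org_role` helpers are assumptions; `auth.uid()` and the `authenticated` role are Supabase's, and the final block shows how to check a policy from SQL by impersonating a user.

```sql
-- Added example (assumed schema, not the page's own): multi-tenant RLS on
-- Supabase-style PostgreSQL. auth.uid() returns the caller's user id from the
-- request JWT; 'authenticated' is the role Supabase assigns to logged-in users.

create table org_members (
  org_id  uuid not null,
  user_id uuid not null,
  role    text not null check (role in ('admin', 'operator', 'viewer')),
  primary key (org_id, user_id)
);

create table documents (
  id       uuid primary key default gen_random_uuid(),
  org_id   uuid not null,
  name     text not null,
  owner_id uuid not null default auth.uid()
);

-- FORCE makes RLS apply to the table owner too, so a missing policy is not
-- masked by ownership when a developer tests against the database directly.
alter table org_members enable row level security;
alter table org_members force row level security;
alter table documents   enable row level security;
alter table documents   force row level security;

-- Membership helpers. SECURITY DEFINER lets them read org_members regardless
-- of that table's own policies; search_path is pinned to avoid hijacking.
create function is_org_member(p_org uuid) returns boolean
language sql stable security definer set search_path = public as $$
  select exists (select 1 from org_members
                 where org_id = p_org and user_id = auth.uid());
$$;

create function has_org_role(p_org uuid, variadic p_roles text[]) returns boolean
language sql stable security definer set search_path = public as $$
  select exists (select 1 from org_members
                 where org_id = p_org and user_id = auth.uid()
                   and role = any (p_roles));
$$;

-- A user may see only their own membership rows.
create policy org_members_select on org_members
  for select to authenticated
  using (user_id = auth.uid());

-- Read: every member of the org, whatever their role.
create policy documents_select on documents
  for select to authenticated
  using (is_org_member(org_id));

-- Insert: WITH CHECK validates the new row's org_id against membership, so a
-- client cannot write a document into an organization it is not part of.
create policy documents_insert on documents
  for insert to authenticated
  with check (has_org_role(org_id, 'admin', 'operator'));

-- Update: admins and operators; USING filters the row being changed, WITH
-- CHECK stops an update from moving the row to another org.
create policy documents_update on documents
  for update to authenticated
  using (has_org_role(org_id, 'admin', 'operator'))
  with check (has_org_role(org_id, 'admin', 'operator'));

-- Delete: admins only; viewers get no write policy at all.
create policy documents_delete on documents
  for delete to authenticated
  using (has_org_role(org_id, 'admin'));

-- Check from SQL: impersonate a user inside a transaction and confirm only
-- rows of that user's organizations come back (constructed user id).
begin;
  set local role authenticated;
  select set_config('request.jwt.claims',
                    '{"sub":"00000000-0000-0000-0000-000000000001"}', true);
  select count(*) from documents;   -- only orgs this user belongs to
rollback;
```

Two caveats worth keeping in mind when relying on this model: policies only apply to roles without `BYPASSRLS`, so server-side code that connects with a Supabase service-role key (or as a superuser) sees every tenant's rows and must enforce tenancy on its own; and a table with RLS enabled but no policy denies all access rather than allowing it, which is the safe default but is easy to mistake for an application bug.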

3. Infrastructure

Our application is deployed on enterprise-grade cloud infrastructure with automatic scaling, redundancy, and geographic distribution.

  • Hosted on Vercel (frontend) and Supabase (database, auth, storage)
  • PostgreSQL 17 with automated backups and point-in-time recovery
  • CDN-delivered static assets for performance and DDoS mitigation
  • Environment-based configuration with no secrets in source code
  • Health monitoring endpoint for automated uptime checks

4. Compliance

We take data privacy seriously and design our systems with compliance in mind.

  • SOC 2 Type II compliant infrastructure providers (Supabase, Vercel)
  • GDPR-aware data handling practices with data residency options
  • Data Processing Agreement (DPA) available for enterprise customers
  • Regular security reviews and dependency audits
  • Audit logging for all data access and modifications

5. Incident Response

In the event of a security incident, we follow a structured response process: identification, containment, eradication, and recovery. Affected customers will be notified within 72 hours of a confirmed breach, in compliance with applicable regulations. We maintain incident response procedures and conduct periodic tabletop exercises to ensure readiness.

6. Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please contact us at security@poprocessing.com. We commit to acknowledging reports within 48 hours and providing status updates as we investigate. We will not take legal action against researchers who follow responsible disclosure practices.