Security & Compliance

Your Data, Our Priority

Security isn't an afterthought — it's built into every layer of our platform. From encryption to access control, your documents are protected at every step.

Security at a Glance

End-to-End Encryption

AES-256-GCM encryption for data at rest and TLS 1.2+ for all data in transit. Your documents are protected from upload to retrieval.

Role-Based Access Control

Granular workspace roles — owner, admin, member, and viewer — ensure everyone has exactly the access they need, nothing more.

Compliance Ready

Our infrastructure is designed with SOC 2 and regulatory compliance in mind, so you can meet your organization's security requirements.

Data Isolation

Multi-tenant architecture with PostgreSQL row-level security ensures strict data isolation between workspaces and users.

Infrastructure Security

Non-Root Containers

Production containers run as unprivileged users (UID 1001), minimizing the attack surface.

Redis Authentication

Job queue connections are authenticated and encrypted, protecting background processing pipelines.

Automated Security Scanning

CI/CD pipelines include dependency audits and vulnerability scanning on every deployment.

Rate Limiting

IP-based rate limiting on API endpoints (10 req/s) and upload endpoints (2 req/s) to prevent abuse.

Webhook Verification

All incoming webhooks are verified using HMAC-SHA256 signatures to prevent tampering.
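The verification step described above, as an added illustration that is not the platform's own code: the receiver recomputes HMAC-SHA256 over the raw request body with the shared secret and compares it to the presented signature in constant time, so a body altered in transit (or a signature made with the wrong secret) is rejected before the payload is parsed. The `sha256=<hex>` header layout and the secret value are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed secret for this example only; a deployment keeps it in a secrets store.
WEBHOOK_SECRET = b"example-shared-secret"


def sign_payload(secret: bytes, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over the exact bytes that will be sent."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, body: bytes, signature_header: str) -> bool:
    """Receiver side: accept the delivery only if the signature matches the raw body.

    Assumes the signature header has the form 'sha256=<hex>' (assumed convention).
    The check runs on the raw bytes, before any JSON decoding.
    """
    prefix = "sha256="
    if not signature_header or not signature_header.startswith(prefix):
        return False
    received = signature_header[len(prefix):]
    expected = sign_payload(secret, body)
    # Constant-time comparison: does not leak how many leading bytes matched.
    return hmac.compare_digest(expected, received)


# Constructed sample delivery.
SAMPLE_BODY = b'{"event":"document.created","document_id":"doc_123"}'
SAMPLE_HEADER = "sha256=" + sign_payload(WEBHOOK_SECRET, SAMPLE_BODY)


def demo() -> dict:
    """Exercise the genuine delivery and three rejection cases."""
    tampered_body = SAMPLE_BODY.replace(b"doc_123", b"doc_999")
    return {
        "genuine": verify_webhook(WEBHOOK_SECRET, SAMPLE_BODY, SAMPLE_HEADER),
        "tampered_body": verify_webhook(WEBHOOK_SECRET, tampered_body, SAMPLE_HEADER),
        "wrong_secret": verify_webhook(b"not-the-secret", SAMPLE_BODY, SAMPLE_HEADER),
        "missing_header": verify_webhook(WEBHOOK_SECRET, SAMPLE_BODY, ""),
    }


if __name__ == "__main__":
    print(demo())
```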

Data Handling

Encrypted Storage

Documents are stored in encrypted storage with Supabase Storage, protected at rest and in transit.

API Key Encryption

All API keys are encrypted with AES-256-GCM before database storage — never stored in plain text.

No Training on Your Data

Your documents are only used for RAG retrieval. We never use customer data to train models.

Secure Deletion

Soft-delete with 30-day retention, then permanent deletion. You can permanently delete at any time.

Audit Logging

All document operations are logged for accountability and compliance auditing.

Authentication & Access

JWT Authentication

Secure token-based authentication powered by Supabase Auth, using industry-standard JWTs.

Secure Sessions

8-hour session expiry, secure cookies with SameSite policy, and automatic token refresh.

Platform Admin Controls

Workspace owners and admins have granular control over members, permissions, and workspace settings.

Document-Level Permissions

Private by default. Share with specific users or workspaces with read or write permissions.

Compliance & Certifications

Our platform is built to meet the most demanding security and compliance standards.

GDPR Ready
SOC 2 Readiness
ISO 27001 Aligned

Have Security Questions?

Our team is ready to discuss your security requirements and compliance needs.

Contact Us