Security
How we protect your data at every layer.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and OAuth tokens use additional application-layer encryption.
Row-Level Security
Every database query is scoped to your workspace via Supabase RLS policies. No cross-tenant data leakage is possible.
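The workspace scoping described above, shown as an added example of Supabase (Postgres) row-level security; this is illustrative SQL written for this page, not Brandlism's actual schema or policies, and the table names (workspace_members, brand_assets), the column names and the helper is_workspace_member are assumed.

```sql
-- Assumed schema (not the product's own): rows carry a workspace_id and
-- membership lives in workspace_members. auth.uid() is Supabase's helper
-- that returns the user id from the caller's JWT.
create table workspace_members (
  workspace_id uuid not null,
  user_id uuid not null references auth.users (id),
  primary key (workspace_id, user_id)
);

create table brand_assets (
  id uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  name text not null,
  deleted_at timestamptz  -- soft-delete marker
);

-- True when the calling user belongs to the given workspace. security definer
-- lets it read workspace_members even when that table is itself RLS-protected.
create function is_workspace_member(ws uuid) returns boolean
language sql stable security definer set search_path = public as $$
  select exists (
    select 1 from workspace_members
    where workspace_id = ws and user_id = auth.uid()
  );
$$;

-- Without enable, policies are never consulted and every row is visible.
-- force applies them to the table owner too (roles with BYPASSRLS still skip them).
alter table brand_assets enable row level security;
alter table brand_assets force row level security;

-- Reads: only live rows in a workspace the caller belongs to.
create policy brand_assets_select on brand_assets for select
  using (deleted_at is null and is_workspace_member(workspace_id));

-- Inserts: the new row must land in one of the caller's workspaces.
create policy brand_assets_insert on brand_assets for insert
  with check (is_workspace_member(workspace_id));

-- Updates: caller must be a member before and after, so an update cannot
-- re-home a row into another tenant's workspace. Soft delete is an update
-- that sets deleted_at; with no delete policy, hard deletes are denied.
create policy brand_assets_update on brand_assets for update
  using (is_workspace_member(workspace_id))
  with check (is_workspace_member(workspace_id));

-- Note: requests signed with the service_role key bypass RLS entirely, so
-- request-handling code must query with the end user's JWT, not that key.
```

A quick check is to sign in as a test user who belongs to one workspace and confirm that `select count(*) from brand_assets` only counts that workspace's live rows.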
Access Control
Authentication via Supabase Auth with HTTP-only cookies. OAuth 2.0 for third-party integrations with minimal scope requests.
Infrastructure
Hosted on Vercel (SOC 2) and Supabase (SOC 2, HIPAA eligible). Automatic scaling, DDoS protection, and 99.9% uptime SLA.
API Security
API keys are hashed before storage. Rate limiting on all endpoints. Input validation and sanitization against injection attacks.
Best Practices
No secrets in client bundles. Soft-delete for data recovery. Regular dependency audits. Prompt injection mitigations for AI features.
Compliance
- SOC 2 Type II — via Vercel and Supabase infrastructure. Both providers maintain active SOC 2 Type II certification.
- GDPR-ready data handling — data minimization, right to erasure, data portability, and processing records.
- CCPA compliant — California residents can request access, deletion, and opt out of data sale (we never sell data).
Responsible AI
- AI outputs are clearly labeled — every AI-generated analysis, suggestion, and draft is marked as AI-generated.
- No training on customer data — your brand data, prompts, and outputs are never used to train AI models.
- Human review recommended — we encourage human review for all AI-generated content before publication or external use.
Found a vulnerability? Email security@brandlism.ai