Security

Your data powers your business. Protecting it is our first responsibility.

Infrastructure

All traffic encrypted with TLS 1.2+ end-to-end
Application hosted on Vercel with automatic SSL certificate management
Database and auth powered by Supabase on AWS (SOC 2 Type II compliant infrastructure)
Data encrypted at rest with AES-256 and backed up continuously with point-in-time recovery

Authentication & Access Control

Passwords hashed with bcrypt via Supabase Auth
Row-level security policies enforce strict tenant isolation. Your data is never visible to other accounts
API keys and secrets stored in secure environment variables, never committed to source code
Least-privilege access enforced across all internal systems

Data Handling

We only access data you explicitly authorize through service integrations
Integration tokens are encrypted and scoped to the minimum permissions required
We never sell, rent, or share your data with third parties
You can revoke access or request complete data deletion at any time

Application Security

All inputs validated and queries parameterized to prevent injection attacks
Security headers (CSP, X-Frame-Options, HSTS) configured to mitigate XSS and clickjacking
Dependencies continuously monitored for vulnerabilities and patched promptly
All code reviewed and tested before deployment to production

Organizational Practices

Production system access is restricted, authenticated with MFA, and audit-logged
Security awareness is embedded in our engineering process, not an afterthought

Incident Response

If a security incident occurs, we will:

Investigate and contain the issue immediately
Notify affected users within 72 hours of a confirmed data breach
Provide a clear account of what happened, what data was involved, and what we're doing about it

Report a Vulnerability

Found something? Contact us at security@engine8ai.com. We take every report seriously and appreciate responsible disclosure.