Security & Trust

Your team data is the backbone of your workflow. We treat it with the respect and protection it deserves.

Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Hashed and salted passwords (bcrypt)
  • Secure session tokens with HttpOnly cookies

Data Isolation

  • Row-Level Security (RLS) on every database table
  • Organization-scoped data isolation via Supabase policies
  • No cross-tenant data access possible at the database level
  • Service role keys never exposed to the client

Infrastructure

  • Hosted on Vercel (edge network) and Supabase (AWS)
  • Automatic SSL certificate management
  • DDoS protection via Vercel Edge Network
  • Daily automated database backups with point-in-time recovery

Authentication

  • Email/password + magic link authentication via Supabase Auth
  • MFA support (TOTP-based two-factor authentication)
  • Secure password reset flow
  • Session management with automatic expiry

Privacy

  • Essential cookies only — no tracking or advertising cookies
  • We never sell your data to third parties
  • Your team data is never used to train AI models
  • Full data export available at any time (CSV)

Application Security

  • Content Security Policy (CSP) headers
  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options, X-Content-Type-Options protection
  • Rate limiting on authentication and API endpoints
  • Input validation and sanitization on all forms

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification in the payments industry.

  • We never see, store, or have access to your full card number
  • Stripe handles all PCI compliance requirements
  • Subscription management via Stripe Customer Portal

Responsible Disclosure

Found a security issue? We appreciate your help keeping Agile|OS™ safe. Please report vulnerabilities responsibly.

security@theagileos.com