Security Policy

We maintain a browser-first model to reduce data exposure and keep tool execution local where practical.

Security posture

  • Traffic is served over HTTPS.
  • Supabase Row Level Security (RLS) is enabled for protected tables.
  • Service-role credentials stay server-side only and are not exposed to client bundles.
  • Tool file processing runs in-browser and does not require file uploads for tool execution.

Responsible disclosure

If you discover a vulnerability, share clear reproduction details, expected impact, and affected routes. Please contact us via LinkedIn.