Security

Last updated: March 6, 2026

Application Security

• Authenticated account workflows using Supabase Auth.
• Row-level security architecture for user-scoped data where configured.
• Server-side functions for privileged operations.

Data Protection

• TLS-secured transport for production web traffic.
• Optional certificate-based options for OpenADR integration workflows.
• Input validation and size checks for CSV and key request payloads.

Operational Practices

• Least-privilege access for operational secrets and environment variables.
• Monitoring of auth and function behavior for reliability and incident response.
• Periodic review of dependency and infrastructure configuration.

Responsible Disclosure

If you discover a security issue, report it privately through support channels and include reproduction details so we can investigate quickly.