Your data security is our top priority. Here is how we protect your information.
All data transmitted between your browser and TrueCite is encrypted using TLS 1.3. We enforce HTTPS across all endpoints and redirect all HTTP traffic.
All data stored in our Supabase database is encrypted at rest using AES-256. Database backups are also encrypted and stored securely.
We use Supabase Row Level Security (RLS) to enforce data isolation at the database level. Users can only access their own data — even if our application layer has a bug.
Authentication is handled by Clerk, a SOC 2 Type II certified identity provider. We support multi-factor authentication and secure session management.
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never store card numbers, CVCs, or full PANs on our servers.
TrueCite runs on Vercel's edge network with DDoS protection. Our database runs on Supabase (AWS us-east-1) with automated backups and point-in-time recovery.
Production database access is restricted to a minimal set of engineers. All access is logged and reviewed. We use the principle of least privilege throughout.
We conduct regular security reviews of our codebase and infrastructure. Dependency vulnerabilities are monitored and patched promptly.
We take security vulnerabilities seriously. If you discover a security issue in TrueCite, please report it to us privately before disclosing publicly. We will acknowledge your report within 48 hours and work to resolve critical issues within 7 days.
Please do not disclose the issue publicly before we have addressed it.
Have a security question?
security@truecite.ai