Compliance & Data Practices

All user data is stored in a Supabase-managed PostgreSQL instance in the US-East-1 region. Credentials, lab completions, and billing information are stored in encrypted-at-rest databases.

All data in transit is encrypted via TLS 1.2+. Database at rest uses AES-256. API keys and service credentials are stored as environment variables, never in source control.

Row-level security (RLS) is enforced at the database layer for all user-facing tables. Service role access is restricted to server-side API routes and scheduled Edge Functions.

AIPSA credentials are publicly verifiable at aisecurity.llc/aipsa/verify/[id]. Credential records are retained indefinitely unless revocation is requested.