Security Policy

1. Introduction

At Enrich Spot, the security of your data is our top priority. This policy describes the measures we take to protect your information and ensure the integrity of our platform.

2. Data Protection

  • We use Supabase as a secure database to store your information.
  • All data is encrypted at rest and in transit.
  • We enforce strict access control policies (Row Level Security) to ensure that each user only has access to their own data.

3. Authentication and Authorization

  • We use secure authentication methods provided by Supabase.
  • Passwords are hashed and salted before being stored.
  • We offer a secure password reset feature.
  • Access to features is controlled by authorization checks based on user roles and subscriptions.

4. API Security

  • All our APIs are protected by authentication tokens.
  • We implement rate limiting to prevent abuse and brute-force attacks.
  • API requests are validated and sanitized to prevent injections and other vulnerabilities.

5. File Management and Data Enrichment

  • Uploaded files are scanned for potential threats.
  • We use secure encodings (UTF-8) to process file data.
  • Data enrichment processes are executed in an isolated environment to prevent data leaks.

6. Compliance and Confidentiality

  • We comply with data protection regulations, including GDPR.
  • Users have control over their data and can request its deletion.
  • We maintain audit logs for all sensitive activities.

7. Payment Security

  • We use Stripe, a PCI DSS-certified payment processor, to handle all financial transactions.
  • No credit card information is stored on our servers.

8. Monitoring and Incident Response

  • We continuously monitor our platform for suspicious activities.
  • An incident response plan is in place to quickly react to any security threats.

9. Updates and Contact

This security policy is regularly updated. For any questions or concerns regarding the security of our platform, please contact us at security@smartenrich.com.