Security

How Graphletter handles data protection and access control.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL.

Row-Level Security

Multi-tenant data isolation is enforced at the database layer via Supabase RLS policies. Users can only access their own data.

Ephemeral Processing

Uploaded documents are processed in serverless functions and not retained beyond the assessment lifecycle. AI providers receive only extracted text, not raw files.

Authentication

Authentication uses Supabase OAuth (Google, GitHub) with session management. Edge middleware enforces authentication on all protected routes.

Vulnerability Disclosure

Report security issues to security@graphletter.com. We acknowledge reports within 48 hours.