Security Practices
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Stored data is encrypted with AES-256 via our infrastructure providers.
- Authentication: Multi-factor authentication (OTP) and secure session management with automatic expiration.
- Access Control: Row Level Security (RLS) ensures data isolation between users in multi-tenant environments.
- Infrastructure: Hosted on SOC 2 Type II compliant platforms (Supabase, Vercel) with automated backups and disaster recovery.
Incident Response
In the event of a data breach, we commit to notifying affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. Notifications will include the nature of the breach, the data affected, and remediation steps.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to security@unchartd.online. We appreciate the efforts of security researchers and will work to address confirmed vulnerabilities promptly.