Security at SMBRegs

Your business data deserves careful handling. Here's the current security setup at a high level.

Infrastructure Security

  • Hosted on Vercel's edge network with automatic DDoS protection and global CDN
  • Database powered by Supabase-managed PostgreSQL infrastructure
  • All data encrypted at rest using AES-256 and in transit via TLS 1.3
  • Automatic backups with point-in-time recovery

Data Protection

  • Encryption in transit and provider-managed encryption at rest
  • Role-based access controls following the principle of least privilege
  • Audit logging for key application events and account activity
  • Data isolation between customer accounts

Authentication Security

  • Powered by Supabase Auth with industry-standard protocols
  • Passwords hashed using bcrypt with adaptive cost factor
  • OAuth 2.0 support for Google and GitHub sign-in
  • Session management with secure, HTTP-only cookies

Compliance & Certifications

  • Key infrastructure providers advertise certifications such as SOC 2 Type II
  • Data handling supports common deletion and export workflows
  • Regular security assessments and dependency audits
  • Responsible vulnerability management and patching

Responsible Disclosure

If you believe you've found a security vulnerability in SMBRegs, we encourage responsible disclosure. Please email us with details and we'll review it as quickly as we can.

security@smbregs.com