Your data is protected at every layer.
Buildalytic handles sensitive project data, employee information, financial records, and compliance documents. All data is encrypted in transit and at rest. Every query is scoped to your organization. We never sell your data.
Infrastructure
All services run on enterprise-grade cloud infrastructure with multi-region redundancy, automated failover, and continuous monitoring. Production environments are isolated within private networks. All external traffic is routed through managed load balancers with DDoS protection and web application firewall rules. Automated daily backups with point-in-time recovery are encrypted and stored in geographically separate regions.
Encryption
All data transmitted between clients and our servers is encrypted using TLS 1.3 with HSTS enforced on every endpoint. All customer data at rest, including call recordings, documents, and database records, is encrypted using AES-256. Encryption keys are managed through cloud-native key management services with automatic rotation and strict access policies.
Access Controls
Every database query in our system is scoped to the authenticated organization. Data from one company is never accessible to another. This is enforced at the application layer and verified through automated testing. User authentication is managed through Supabase Auth with JWT-based session tokens. Access to features and data within each organization is controlled through role-based permissions.
Application Security
Our development process includes code review, automated testing, and dependency scanning. Third-party dependencies are monitored for known vulnerabilities and critical patches are applied promptly. All user input is validated and sanitized to prevent injection attacks, cross-site scripting, and other OWASP Top 10 vulnerabilities.
Data Handling
You retain full ownership of your data. We process it only to provide and improve our services. Your data is never sold to third parties. Call recordings default to 90-day retention with configurable longer periods. Upon account termination, you may request a full data export within 30 days. All subprocessors are vetted for security practices and bound by data protection agreements.
Incident Response
We use continuous monitoring and alerting across all production systems to identify anomalies in real time. Our incident response follows a structured process: detection, containment, investigation, remediation, and post-incident review. In the event of a data breach affecting your information, we will notify affected customers within 72 hours of confirmation.
Security Contact
To report a security vulnerability or request information about our security practices, contact us directly.
security@buildalytic.com