How we protect your supply chain data
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys and credentials are stored using industry-standard secret management.
We use Supabase Auth with secure session tokens. Passwords are hashed using bcrypt. We support OAuth via Google for enterprise customers.
Database access is controlled by Supabase Row Level Security (RLS) policies. Users can only access their own projects and data. Workspace data is isolated between organizations.
NodeVault is hosted on Vercel's edge network with automatic DDoS protection. Our database runs on Supabase's managed PostgreSQL with daily backups and point-in-time recovery.
Each customer's supply chain data is logically isolated. Enterprise customers can request dedicated infrastructure for additional isolation.
We are working toward SOC 2 Type II compliance. Our infrastructure providers (Supabase, Vercel, Mapbox) maintain SOC 2 and ISO 27001 certifications.
We conduct regular security reviews and dependency updates. If you discover a security vulnerability, please report it to security@nodevault.app.
If you believe you have found a security vulnerability in NodeVault, please email security@nodevault.app. We will respond within 48 hours.