Encryption in Transit & at Rest
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption provided by Supabase (AWS infrastructure).
We take security seriously. Here's exactly how we protect your data.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption provided by Supabase (AWS infrastructure).
Our infrastructure provider Supabase is SOC 2 Type II certified, covering security, availability, and confidentiality controls.
Every tenant's data is isolated via Row-Level Security (RLS) policies in PostgreSQL. Cross-tenant data leakage is architecturally prevented.
Data is stored in the EU (AWS eu-west-1 region). We maintain a Data Processing Agreement (DPA) and honor all GDPR data subject rights.
Our infrastructure provider Supabase holds ISO 27001 certification for information security management systems.
We use the following third-party services to process data on behalf of our customers. All subprocessors are contractually bound to data protection standards.
| Vendor | Purpose | Location | Certifications |
|---|---|---|---|
| Supabase | Database, Auth, Storage, Realtime | EU (AWS eu-west-1) | SOC 2, ISO 27001 |
| Vercel | Hosting, CDN, Edge Functions | Global (EU nodes) | SOC 2 Type 2 |
| Stripe | Payment processing | USA / EU | PCI DSS Level 1 |
| Resend | Transactional email delivery | USA (AWS) | SOC 2 |
| Sentry | Error monitoring (anonymized) | USA / EU | SOC 2 |
| Upstash | Redis cache (rate limiting) | EU | SOC 2 |
We retain your data only as long as necessary to provide the service or as required by applicable law.
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion + 30 days |
| Course completions & certificates | 7 years (compliance requirement) |
| Payment records | 7 years (tax & legal requirement) |
| Audit logs | 2 years |
| Error logs (anonymized) | 90 days |
If you discover a security vulnerability, please report it to our security team. We take all reports seriously and respond within 72 hours.
security@lms-foodtech.vercel.appDownload DPA Template
Coming soon
Last updated: 2026-04-23