How we protect your client’s data.

1) User Authentication (How we verify who you are)

- Secure Login System: Uses industry-standard JWT tokens (like a digital key card) that expire after 10 hours

- Multiple Login Options: Email/password, Google, and Facebook login with secure OAuth protocols

- Session Tracking: Every login is logged with device info and IP address for security monitoring

- Automatic Logout: When you log out, your session is immediately invalidated - no one can reuse your old login token


2) Password Protection

- Strong Password Requirements:

    -> At least 8 characters long

    -> Must include a capital letter, number, and special character

    -> This makes passwords much harder to crack

- Enterprise-Grade Storage: Passwords are stored hashed using Supabase Auth (used by thousands of companies)

- Password Reset: Secure email-based reset process with time-limited codes


3) Email Verification

- New accounts must verify their email address

- 6-digit verification codes sent via email

- Codes expire after 60 minutes for security


4) Data Protection

- Database Security: All data stored in Supabase (enterprise-grade, SOC 2 compliant platform)

- Secure API Keys: All sensitive credentials (API keys, secrets) stored in environment variables, never in code

- CORS Protection: Only approved domains can access the API (prevents unauthorized websites from making requests)


5) Access Control

- User-Specific Data: Users can only access their own projects and data

- Double-Verification: User ID in requests must match the authenticated user's token

- Protected Endpoints: Admin and sensitive features require authentication before access


6) Third-Party Integration Security

- Google Ads, Meta, LinkedIn: Uses OAuth 2.0 (industry standard for secure API access)

- Token Refresh: Access tokens are automatically refreshed when needed

- Limited Permissions: Only requests the minimum necessary permissions from third-party services


7) Audit & Monitoring

- Activity Logging: All logins, logouts, password changes, and account deletions are tracked

- Session History: Can see when and where users logged in

- Error Logging: Security errors are logged for review (but sensitive info is hidden in production)


8) Account Security Features

- Account Deletion: Comprehensive cascade deletion removes all user data when requested

- Email Change Verification: Changing email requires re-verification

- Token Expiration: Old tokens automatically expire and can't be reused