Security

1. Overview

We take server and infrastructure security seriously. Our systems are designed to protect your data, our clients’ projects, and our own services through secure hosting, encryption, access controls, and ongoing monitoring.

2. Infrastructure & Hosting

We use trusted cloud providers (e.g. AWS, Vercel, Supabase) with strong security practices. Servers run in isolated environments, receive regular updates, and follow hardening guidelines. We avoid unnecessary exposure of ports and services.

3. Encryption

• In transit: All traffic between your browser and our servers uses TLS (HTTPS). We enforce modern cipher suites and redirect HTTP to HTTPS.
• At rest: Sensitive data is encrypted where supported by our stack (e.g. database encryption, encrypted storage). Keys are managed securely.

4. Access Control & Authentication

Access to production systems and admin tools is restricted. We use strong authentication, role-based access, and principle of least privilege. Credentials and API keys are stored securely and never committed to version control. Admin sessions use secure, httpOnly cookies and time-limited tokens.

5. Application Security

We follow secure development practices: input validation, parameterized queries, and protection against common vulnerabilities (e.g. XSS, CSRF, injection). Dependencies are updated regularly, and we monitor for known issues.

6. Monitoring & Incident Response

We monitor our infrastructure and applications for anomalies, failed access attempts, and errors. Logs are retained for troubleshooting and security analysis. We have processes to respond to incidents and to communicate with affected parties when appropriate.

7. Data Protection

We handle personal and project data in line with our Privacy Policy and applicable laws. Access is limited to those who need it, and we use secure channels when sharing data with clients or partners.

8. Questions

For security-related questions or to report a concern, contact us at owner@trivosoft.com.