Security
Security is designed into every layer, from database policies to runtime access controls.
Tenant isolation
Supabase RLS policies enforce workspace-level access boundaries.
API key security
Project API keys are hashed at rest and scoped to a project.
Transport security
TLS enforced across all services and database connections.
Access controls
Role-based access and least privilege by default.
Auditability
Audit log tables and webhook events support traceability.
Operational resilience
Health checks, retries, and safe ingestion pipelines.
We continuously review our security posture. For security inquiries, email support@allai.com. Please include “Security” in the subject line when reporting a vulnerability.