Security

Your risk data is safe with us

Security is not a checkbox for us. We've built data protection into every layer of the stack — from database row-level policies to TLS 1.3 on every request.

Encryption

  • All data encrypted at rest using AES-256
  • All data in transit encrypted with TLS 1.3
  • Supabase-managed encryption keys with hardware security modules
  • Passwords hashed with bcrypt (never stored in plaintext)

Access control

  • Row-level security (RLS) enforced at the database layer
  • Each user can only access their own data
  • Google OAuth 2.0 for secure authentication
  • Short-lived JWT tokens with automatic refresh

Infrastructure

  • Hosted on Supabase (SOC 2 Type II compliant)
  • Vercel edge network for global CDN delivery
  • Automated daily database backups with point-in-time recovery
  • Zero-downtime deployments

Monitoring

  • Real-time anomaly detection on authentication events
  • Error tracking and alerting via Sentry
  • Uptime monitoring with 99.9% SLA target
  • Regular dependency vulnerability scanning

Compliance & certifications

  • SOC 2 Type II: Via Supabase infrastructure. Status: Active
  • GDPR: EU data protection compliance. Status: Compliant
  • ISO 27001: Information security management (roadmap). Status: Planned 2026

Responsible disclosure

Found a security vulnerability? We take security reports seriously and appreciate researchers who disclose responsibly. Please email us at security@riskmatrixpro.com with details. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours.

Please do not publicly disclose vulnerabilities before we have had a chance to address them.