← Back to Home
SecurityAll systems operational

Trust Center

We build for robotics teams that can't afford downtime or data leaks. Here is how we protect your projects, your data, and your team.

01

Security

Encryption

Data in TransitTLS 1.3 on all connections
Data at RestAES-256 for all stored data
Payment DataNever stored — processed entirely by Stripe

Authentication & Identity

Sign-in methodsEmail/password (bcrypt hashing), OAuth via Google and GitHub
Multi-Factor AuthTOTP-based 2FA — Google Authenticator, Authy
Session ManagementJWT tokens with automatic expiration and secure cookie storage
Domain DiscoveryB2B users matched to their org before login; unauthorized domains blocked

Access Control

Row-Level SecurityDatabase-level RLS — users only access their own data
Role-Based AccessGranular permissions for team members and admins
API SecurityRate limiting and request validation on all endpoints

Application Security

Input ValidationSanitization and parameterized queries — SQL injection prevention
XSS & CSRFContent Security Policy headers, CSRF protection on state-changing ops

Monitoring

AlertingReal-time detection of suspicious activity
Audit LoggingComprehensive logs across all critical operations
Incident ResponseDocumented procedures; security reports acknowledged within 48h
02

Privacy

Data collectionOnly what is necessary to run the platform
Data sharingNever sold or shared with third parties for advertising
PaymentsProcessed by Stripe — we never store card data
Robotics dataYour project data is isolated and private by default
DeletionFull data deletion on account closure, upon request

Read our full Privacy Policy →

03

Compliance

GDPREU data protection requirements met
CCPACalifornia Consumer Privacy Act compliance
SOC 2 Type IIVia Supabase — our primary data infrastructure
PCI DSS Level 1Payment security via Stripe
04

Infrastructure

HostingVercel — global edge network with automatic DDoS protection
Database & AuthSupabase — SOC 2 Type II certified
PaymentsStripe — PCI DSS Level 1 certified
AvailabilityMulti-region redundancy for high availability
BackupsAutomated daily backups with point-in-time recovery
05

Your Role in Security

Security is a shared responsibility. Here is what you can do to keep your account and your team's data safe.

PasswordUse a strong, unique password for your account
MFAEnable 2FA when available for your organization
CredentialsKeep your login credentials confidential
IncidentsReport any suspicious activity to security@nodeably.com immediately
06

Responsible Disclosure

Found a security issue? We take every report seriously and commit to responding within 48 hours. Please do not publicly disclose the vulnerability until we have had time to address it.

Report security vulnerabilities

Email: security@nodeably.com