Security
Security & privacy by default
Tenant isolation
Multi-tenant architecture with database row-level security (RLS) to keep tenant data separated by default.
Encryption
TLS for data in transit and strong encryption at rest across our managed infrastructure and storage providers.
Access controls
Role-based access patterns and server-side authorization checks per endpoint—designed for least privilege.
Operational transparency
Audit-friendly history and predictable workflows so teams can validate what happened and why.
What we do
- Use row-level security (RLS) to isolate tenant data.
- Authenticate API access using Supabase Auth (session cookies or bearer tokens).
- Authorize requests per endpoint (tenant scope + role checks).
- Encrypt data in transit and at rest via managed providers.
- Maintain audit-friendly history for operational visibility.
For details, see our Privacy Policy.
Vendors
We rely on established providers for core infrastructure:
- Supabase: PostgreSQL database + authentication
- Cloudflare R2: File storage (objects, downloads/uploads)
- Resend: Transactional email delivery
- Vercel: Application hosting & deployment
Need a security review, DPA, or vendor list? Email legal@openpeople.ai.
Have a security question?
We'll help you evaluate OpenPeople.ai for your environment and requirements.