Skip to content
Skappa
Security

Your data is safe with us

Security is built into every layer of Skappa — from infrastructure to application code.

Infrastructure

  • Hosted on Vercel with automatic scaling and DDoS protection.
  • Database powered by Supabase (PostgreSQL) with daily backups.
  • All infrastructure runs in SOC 2 compliant data centers.

Encryption

  • TLS 1.3 encryption for all data in transit.
  • AES-256 encryption for data at rest.
  • HSTS enabled with 2-year max-age and preload.

Authentication

  • Supabase Auth with secure session management.
  • Row-level security (RLS) policies on all database tables.
  • CSRF and XSS protection via security headers.

API key storage

  • All secrets stored as encrypted environment variables.
  • Integration credentials stored in Supabase Vault.
  • Keys are never exposed to the client or logged.

Data isolation

  • Row-level security ensures users can only access their own data.
  • Project files are scoped to individual user accounts.
  • No cross-tenant data access is possible.

Responsible disclosure

  • Found a vulnerability? Email security@skappa.io.
  • We aim to respond to reports within 48 hours.
  • We appreciate responsible disclosure and will credit reporters.