Security

Last updated: November 28, 2025

We protect user data according to industry best practices. Highlights below complement our Privacy Policy and NDPR obligations.

Encryption

• HTTPS/TLS for all data in transit
• Data at rest encrypted by our database provider (Supabase/PostgreSQL)

Access Controls

• Authentication via Supabase with short‑lived JWT sessions
• Row‑Level Security (RLS) on application tables to restrict data by user/org
• Principle of least privilege for service keys and API routes

Application Practices

• Password hashes using bcrypt (never stored in plaintext)
• Audit logs for organization events and billing actions
• CAPTCHA (hCaptcha) to reduce automated abuse
• Regular database backups and monitoring

Incident Response

• Notify NDPC within 72 hours of a notifiable breach
• Notify affected users by email within 7 days
• Public updates via email/in‑app notices as needed

Contact

Report security issues to support@ekogni.com. Please avoid sharing sensitive data over email.