Security Policy

Last Revised On: January 17, 2025

At Ceviche, Inc., we are committed to maintaining the highest security standards to protect customer data, ensure compliance, and safeguard our systems against potential threats.

Data Security & Encryption

All customer data is stored in Supabase-managed databases, which utilize AES-256 encryption at rest and TLS 1.2+ encryption in transit. We implement role-based access controls (RBAC) to ensure that only authorized users can access sensitive information.

Authentication & Access Control

We use Supabase Auth, which supports secure authentication via email, OAuth, and third-party providers. Access to production systems is limited to authorized personnel with multi-factor authentication (MFA) enforced where applicable.

Infrastructure & Compliance

Our infrastructure is hosted on Supabase, which runs on AWS & Google Cloud, benefiting from their world-class security measures. Supabase maintains SOC 2 Type II, ISO 27001, and GDPR compliance, ensuring a high standard of security best practices. More details on Supabase’s security and compliance can be found at: https://supabase.com/security.

Internal Security Practices

We follow least privilege access principles to restrict access to sensitive systems and data. Our team receives regular security training and adheres to best practices in software development, including secure coding guidelines. We conduct periodic security reviews and audits to maintain a strong security posture.

Incident Response & Reporting

In the event of a security incident, we follow a structured incident response plan to identify, contain, and resolve threats promptly. If you identify a security vulnerability, please report it to us at: team@ceviche.ai.

Contact

For more information about our security practices, feel free to reach out at team@ceviche.ai.