Security Policy
Last Revised On: January 17, 2025
At Ceviche, Inc., we are committed to maintaining the highest security standards to protect customer data, ensure compliance, and safeguard our systems against potential threats.
Data Security & Encryption
All customer data is stored in Supabase-managed databases, which utilize AES-256 encryption at rest and TLS 1.2+ encryption in transit. We implement role-based access controls (RBAC) to ensure that only authorized users can access sensitive information.
Authentication & Access Control
We use Supabase Auth, which supports secure authentication via email, OAuth, and third-party providers. Access to production systems is limited to authorized personnel with multi-factor authentication (MFA) enforced where applicable.
Infrastructure & Compliance
Our infrastructure is hosted on Supabase, which runs on AWS & Google Cloud, benefiting from their world-class security measures. Supabase maintains SOC 2 Type II, ISO 27001, and GDPR compliance, ensuring a highstandard of security best practices. More details on Supabase’s security and compliance can be found at: https://supabase.com/security.
Internal Security Practices
We follow least privilege access principles to restrict access to sensitive systems and data. Our team receives regular security training and adheres to best practices in software development, including secure coding guidelines. We conduct periodic security reviews and audits to maintain a strong security posture.
Incident Response & Reporting
In the event of a security incident, we follow a structured incident response plan to identify, contain, and resolve threats promptly. If you identify a security vulnerability, please report it to us at: team@ceviche.ai.
Contact
For more information about our security practices, feel free to reach out at team@ceviche.ai.