BackOffice Scripts is built for professionals in regulated industries. Here is how we protect your data at every stage.
All data transmitted between your browser and our servers is protected with TLS 1.3 (256-bit encryption). API endpoints enforce HTTPS only.
Stored files and database records are encrypted using AES-256 at rest via Supabase's infrastructure, which runs on AWS with encrypted EBS volumes.
Every database query is scoped to the authenticated user via Row Level Security (RLS) policies in PostgreSQL. Users cannot access other users' data, even through direct database queries.
Processed files are automatically deleted after your configured retention period (1, 7, or 30 days). You can also delete all your data immediately at any time.
We use the OpenAI API, which by policy does not use API inputs or outputs for model training. Your data is processed, results are returned, and inputs are not retained by OpenAI.
Every action — file uploads, script runs, downloads, deletions, and settings changes — is logged with timestamps. Users can review their own audit trail in Settings.
User authentication is handled by Clerk, providing secure session management, multi-factor authentication support, and protection against common authentication attacks.
BackOffice Scripts runs on Vercel (SOC 2 Type II) with Supabase (SOC 2 Type II) for database and storage. Both providers maintain comprehensive security programs with regular third-party audits.
SOC 2 Type II Infrastructure
CCPA Ready
GLBA Aligned
TCPA Compliant
Need a security questionnaire completed or a detailed security review? Contact our team.