Security at Appmeasurely

Infrastructure Security

• Database: All data is stored on Supabase (PostgreSQL) with row-level security enabled. Each client's data is strictly isolated.
• Encryption at rest: AES-256 encryption for all stored data.
• Encryption in transit: TLS 1.2+ for all data in transit between clients, SDKs, and our servers.
• Hosting: Deployed on enterprise-grade cloud infrastructure with 99.97% uptime SLA.

Application Security

• Authentication: Secure authentication with email verification and session management via Supabase Auth.
• API security: All API endpoints require valid API keys. Keys are hashed before storage.
• Input validation: All inputs are validated and sanitized to prevent injection attacks.
• CORS: Strict Cross-Origin Resource Sharing policies are enforced.
• Rate limiting: API rate limiting to prevent abuse and DDoS attacks.

Data Isolation

Each client's data is completely isolated using row-level security (RLS) policies. A client can only access their own apps, events, and analytics data. Admin access requires separate credentials and is strictly controlled.

Fraud Detection Security

Our fraud detection engine runs server-side and cannot be bypassed by SDK modifications. All fraud events are logged immutably for audit purposes.

Compliance

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly to security@appmeasurely.com. We will acknowledge your report within 24 hours and work to resolve confirmed vulnerabilities promptly.

Security Updates

We continuously monitor for security threats and apply patches promptly. Critical security updates are deployed within 24 hours of discovery.