Security

Architecture

• Supabase PostgreSQL with row-level security (RLS)
• Every query is scoped to the authenticated user
• JWT-based authentication via Supabase Auth
• API hosted on Railway with automatic TLS

Data Handling

• ZIP files are encrypted in Supabase Storage
• Raw message content is purged after AI scoring
• Only aggregate statistics are retained long-term
• All API traffic is encrypted with TLS 1.3

AI Processing

• Anthropic Claude API with enterprise data agreements
• Messages sent to AI are not stored or used for training
• AI processing happens in-memory, not persisted

Payments

• All payments processed by Stripe
• We never see or store your credit card details
• PCI DSS compliant via Stripe Checkout

Report a Vulnerability

Found a security issue? Email security@warmgraph.ai. We take all reports seriously and will respond within 48 hours.