ancil

Security

How we protect your HubSpot data, your OAuth tokens, and your workspace.

v1.0, effective May 1, 2026

1. Encryption

TLS 1.2+ in transit on every customer-facing endpoint.

At-rest encryption on Supabase-backed Postgres.

Application-layer AES-256-GCM for HubSpot access and refresh tokens before they reach the database. Tokens are never logged in plaintext.

2. Authentication

Supabase Auth with secure cookies. Email-based password reset.

OAuth-based HubSpot connection with state validation tied to the session user.

Session secrets are rotated.

3. Authorization

Workspace-scoped access controls. Membership roles: OWNER, ADMIN, EXPERT, MEMBER, CLIENT_VIEW.

Mutating routes verify CSRF and check membership and role before acting on data.

4. Hosting and isolation

App: Vercel. Database: Supabase Postgres. Background jobs: Inngest. Email: Resend.

Each customer’s data is logically isolated by workspace ID; queries are scoped at the application layer with row-level guards in the database where applicable.

5. Logging and monitoring

Application errors are logged in our error log table and forwarded to our monitoring stack. Customer credentials are never logged.

6. Backups

Database backup and point-in-time recovery procedures are being formalized as part of our SOC 2 readiness work. Current configuration details are available on request: hello@ancil.ai.

7. Incident response

We commit to investigating any reported incident within 24 hours and to notifying impacted customers without undue delay if their data is affected.

8. Compliance

SOC 2 Type II observations are in progress. The current security posture document and a vendor questionnaire are available on request: hello@ancil.ai.

9. Reporting a vulnerability

Email security@ancil.ai. We will acknowledge within 2 business days. We do not yet operate a paid bug bounty; we are happy to credit researchers who follow responsible disclosure.

Questions or requests: hello@ancil.ai.