Security

Security & Compliance

Your data and privacy are our top priority

Authentication & Authorization

AWS Cognito-powered authentication with OAuth 2.0

JWT validation with JWKS caching

Role-based access control (RBAC) for all endpoints

Access tokens only (token_use=access validation)

Data Protection

End-to-end encryption for data in transit (TLS 1.3)

Encryption at rest for all stored data

No storage of plaintext credentials or API keys

Regular security audits and penetration testing

Infrastructure & Operations

Hosted on AWS with SOC 2 compliance

CORS whitelist to prevent unauthorized access

Comprehensive audit logging for all actions

Automated backups and disaster recovery

Responsible Disclosure

If you discover a security vulnerability, please contact us immediately at security@alphapod.ai. We take all reports seriously and will respond within 48 hours.

Please do not publicly disclose vulnerabilities until we have had an opportunity to address them.