Your secrets stay encrypted
API keys, tokens, and environment variables are encrypted at rest with AES-256-GCM. Encryption keys are versioned to support rotation, and decryption only happens when your site needs the value.
Your secrets, your data, and the infrastructure that runs your sites are protected by deliberate, layered choices we'd be happy to walk you through.
API keys, tokens, and environment variables are encrypted at rest with AES-256-GCM. Encryption keys are versioned to support rotation, and decryption only happens when your site needs the value.
Platform URLs and custom domains are all served over HTTPS by default. There's no opt-in toggle and no plan tier where it's missing.
Every AI build runs in a locked-down container as a non-root user with no Linux capabilities. Default-deny network policies stop it from reaching anything beyond the few internal services it needs, including cloud metadata endpoints.
Every website gets its own PostgreSQL database with dedicated credentials. One site can never read or touch another site's data, even on shared infrastructure.
Passwords are hashed with Argon2 and session tokens are stored as SHA3-256 digests, never in plaintext. Email-based two-factor is required at every sign-in.
Production data lives in the European Union, on infrastructure operated from the EU.
Found something that looks off? Email [email protected].