Security at AutoLog

    We take the security of your data seriously. Here's how we keep your information safe.

    Data Encryption

    • All data in transit is encrypted using TLS 1.2+.
    • Data at rest is encrypted via Supabase's AES-256 encryption.
    • API keys are hashed before storage — we never store your raw keys.

    Authentication

    • We use Supabase Auth with GitHub OAuth as the primary sign-in method.
    • Sessions are managed securely with HTTP-only cookies.
    • No passwords are stored — authentication is fully delegated to trusted providers.

    Webhook Verification

    • Every incoming GitHub webhook is verified using HMAC SHA-256 signature validation.
    • Unsigned or tampered payloads are rejected immediately.
    • Each project has a unique webhook secret generated at creation time.

    Row Level Security

    • Every database table has Row Level Security (RLS) policies enabled.
    • Users can only access data belonging to their own projects.
    • Public endpoints expose only explicitly marked public data.

    Infrastructure

    • Backend runs on Supabase Cloud with enterprise-grade infrastructure.
    • Edge functions execute on Deno Deploy's globally distributed runtime.
    • No customer data is stored on local or shared servers.

    Responsible Disclosure

    • If you discover a security vulnerability, please report it to security@autologs.io.
    • We aim to acknowledge reports within 48 hours.
    • We do not pursue legal action against good-faith security researchers.

    Last updated: March 2026