Trust Center
Last updated: April 29, 2026
We take the security of your data seriously. This page summarizes the practices, infrastructure, and third-party services we use to protect your information at Essoflo.
Encryption
- In transit: all traffic to and from Essoflo is encrypted using HTTPS (TLS).
- At rest: customer data is encrypted at rest by our infrastructure providers.
Authentication and Passwords
We use Supabase Auth to manage authentication. Passwords are hashed using industry-standard algorithms (bcrypt) before storage — we never store plaintext passwords. Session tokens are issued securely and expire over time.
Backups
Our database is backed up regularly so we can recover from data loss events. Backups are encrypted and retained for a limited period.
Access Controls
Customer Content is scoped to your organization’s workspace and is only accessible to members you invite. Internally, access to production systems is limited to team members who need it for operational purposes, and we use multi-factor authentication on critical accounts.
Monitoring
We monitor the Service for performance, errors, and unusual activity. We respond to incidents promptly and notify affected users when required.
Subprocessors
Essoflo uses a small number of trusted third-party services that may process limited customer data on our behalf in order to deliver their services.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Vercel | Application hosting and edge infrastructure | Account data, usage data, IP addresses | United States (global edge) |
| Supabase | Database, authentication, file storage | Account data, customer content, authentication credentials | United States |
| Stripe | Payment processing | Name, billing address, email, payment information | United States (global) |
| Google Analytics 4 | Website and product analytics | Usage data, IP address (anonymized), device data | United States (global) |
| Vercel Analytics | Performance and visitor analytics | Usage data, page views, device data | United States (global) |
We may add or change subprocessors as the Service evolves. We will update this page when changes occur. To be notified of subprocessor changes, email support@essoflo.com.
Your Role
Security is a shared responsibility. You can help by:
- Choosing a strong, unique password
- Keeping your login credentials private
- Logging out of shared devices
- Reporting suspicious activity to support@essoflo.com
Reporting a Vulnerability
If you discover a security issue, please report it to support@essoflo.com with “Security” in the subject line. We appreciate responsible disclosure and will work with you to address the issue quickly.
Looking Ahead
As Essoflo grows, we plan to expand our security program with formal certifications and additional controls. We’ll keep this page updated as our practices evolve.