Your data security
is our priority
We take security seriously at every layer — from infrastructure and authentication to data storage and access controls.
How we protect your data
A comprehensive overview of the security measures we have in place.
Encrypted Connections
All data transmitted between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS on every endpoint with HSTS headers.
Secure Authentication
We use Supabase Auth with industry-standard protocols (OAuth 2.0, PKCE). Passwords are hashed using bcrypt with per-user salts. We support social sign-in via GitHub and Google.
Infrastructure Security
InterviewOS is deployed on Vercel's edge network with automatic DDoS protection. Our database is hosted on Supabase with Row Level Security (RLS) policies enforcing data isolation.
Data Access Controls
Access to production systems is restricted to essential personnel only. All database queries go through Supabase's RLS layer, ensuring users can only access their own data.
Incident Response
We have a defined incident response process. In the event of a security breach, affected users will be notified within 72 hours with details of the incident and steps taken.
Responsible Disclosure
We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please contact us privately before any public disclosure.
Found a vulnerability?
We appreciate responsible disclosure. If you've discovered a security issue, please report it privately so we can investigate and fix it before any public disclosure.