SalsabeelSalsabeel
Legal

Security

Last updated 2026-05-13 · Salsabeel Technologies Ltd (Salsabeel)

An overview of how we protect your data and our infrastructure. Have a security concern? Email security@salsabeel.app — we acknowledge reports within 48 hours.

Hosting & infrastructure

  • Edge runtime on Cloudflare Workers (DDoS protection, global TLS termination).
  • Postgres database, auth, and object storage on Supabase, with encryption at rest.
  • Daily logical backups; point-in-time recovery available on paid plans.

Encryption

  • TLS 1.2+ for all traffic in transit.
  • AES-256 at rest for database and object storage.
  • Secrets stored in an encrypted secret manager, never in source code.

Access control

  • Row-Level Security on every tenant table — customers can never read each other's data.
  • Least-privilege internal access; production access is audited.
  • 2FA enforced on all employee accounts and infrastructure providers.

Payments

We never see, store, or process raw card data. Payments are handled by Paddle, a PCI-DSS Level 1 certified merchant of record.

Disclosure & vulnerability reports

Please report vulnerabilities responsibly to support@salsabeel.dev. Do not test against accounts other than your own. We will not pursue legal action against good-faith security research that respects this policy.

Compliance roadmap

We are GDPR / UK-GDPR aligned today. SOC 2 Type II is on our roadmap and is not yet certified — we will publish the report on this page once complete.

Questions? Email legal@salsabeel.dev. Mailing address: 1209 N Orange St, Suite 100, Wilmington, DE 19801, USA.