Security is the product
Credentials exist to establish trust. That starts with how we protect your data — defaults on day one, not features on day 500.
Last updated: April 5, 2026
How we protect you
Security, by default
Six layers of protection, none of which require configuration.
Encryption at Rest & Transit
AES-256 at rest. TLS 1.3 in transit. No exceptions, no toggles.
EU Data Centers
All data stored in GDPR-compliant data centers within the European Union.
Secure Authentication
PKCE OAuth flows, magic links, and multi-factor auth support.
Row-Level Access Controls
Postgres RLS policies enforce data isolation at the database layer.
Audit Logging
Every issuance, revocation, and verification is logged and queryable.
Regular Security Audits
Ongoing dependency scanning, penetration testing, and vulnerability triage.
Infrastructure
Built on battle-tested foundations
Vercel & Supabase
Enterprise-grade hosting with auto-scaling and DDoS protection.
PostgreSQL with RLS
Row-level security policies ensure per-tenant data isolation.
Daily automated backups
Point-in-time recovery, retained for compliance windows.
99.9% uptime SLA
Multi-region architecture with redundancy and failover.
Compliance & Certifications
We publish progress on our compliance roadmap. Ask for our current security questionnaire any time.
Responsible disclosure
Found something? Tell us.
We value the security research community. If you discover a vulnerability, please report it responsibly — we commit to working with you to understand and resolve issues quickly.
security@truecerta.com