1. Infrastructure Security
Versalith runs on Supabase-hosted infrastructure, which provides enterprise-grade security, redundancy, and compliance capabilities. Our database (PostgreSQL) and authentication services are hosted in secure, monitored environments with physical and logical access controls.
2. Encryption
- In transit: All data transmitted between your device and our services uses TLS 1.2 or higher. This protects your data from interception during transmission.
- At rest: Data stored in our database is encrypted at rest. Supabase uses industry-standard encryption for persistent storage.
3. Access Controls
We implement least-privilege access: only authorized personnel with a business need can access production systems. Access is logged and reviewed. Database access is restricted by role, and sensitive operations require additional authentication or approval where appropriate.
4. Authentication
We use OAuth 2.0 via Google Sign-In (Supabase Auth) for authentication. We do not store passwords; authentication is delegated to Google. Session tokens are managed securely and can be revoked. We support industry-standard session handling to prevent unauthorized access.
5. Data Handling Practices
We process user data only as necessary to provide the Service. Blog content is transmitted to AI providers (OpenAI, Anthropic, Google) for generation; we select providers with strong security and privacy commitments. Payment data is handled by Razorpay; we do not store full card numbers. We follow secure development practices and update dependencies regularly.
6. Incident Response
We maintain incident response procedures to detect, contain, and remediate security incidents. In the event of a data breach affecting personal data, we will notify affected users and relevant authorities as required by applicable law.
7. Third-Party Security
We assess the security and compliance posture of our key vendors (Supabase, AI providers, Razorpay, Unsplash) before and during engagement. We rely on their certifications and practices where applicable. Sub-processor information is available in our Data Processing Agreement.
8. Responsible Disclosure
If you discover a security vulnerability, please report it to us at contact@versalith.com. We will respond promptly and work with you to resolve the issue. We ask that you refrain from exploiting vulnerabilities and give us reasonable time to address them before public disclosure.
9. Contact
For security-related inquiries, contact Versalith at contact@versalith.com.