Superstudio
Security

Your data, protected

Security isn't a feature we bolted on — it's foundational to how Superstudio is built. From database architecture to authentication flows, every layer is designed to keep your studio's data safe.

Data Isolation

Every workspace's data is isolated at the database level using PostgreSQL Row Level Security. No tenant can ever access another tenant's data, even through application bugs.

Encryption

All data in transit is encrypted via TLS 1.3. OAuth integration tokens are encrypted at rest using AES-256. Database backups are encrypted server-side.

Authentication

Powered by Supabase Auth with support for email/password, magic links, and SSO. Passwords are hashed using bcrypt. Sessions use short-lived JWTs with automatic refresh.

Role-Based Access

Three-layer RBAC enforcement: database policies, API middleware, and UI guards. Permissions are enforced at the data layer — they can't be bypassed from the frontend.

Third-Party Integrations

OAuth 2.0 with PKCE for all integrations. Tokens are stored encrypted, scoped to the minimum required permissions, and can be revoked by the user at any time.

Infrastructure

Hosted on Vercel (web) and Supabase (database, auth, edge functions). Both providers maintain SOC 2 Type II compliance, regular penetration testing, and incident response programs.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@super.studio. We take all reports seriously and will respond within 48 hours. We ask that you give us a reasonable window to address the issue before public disclosure.

The unified platform for architecture, real estate, and development studios.

© 2026 Superstudio. All rights reserved. Built for studios that build the world.