Security
A high-level overview of security practices and product controls. This page describes how the platform works today; it is not a certification claim.
Authentication & sessions
The platform uses Supabase Auth for identity. The backend validates access tokens via Supabase (JWKS or introspection) and can maintain sessions using httpOnly cookies. Cookies are configured with Secure and SameSite settings appropriate to the deployment environment.
Tenant boundaries
Data access is scoped to an organization. The product is designed to enforce org-level boundaries and least-privilege access patterns.
Controlled sharing
External portal links are designed for controlled access. Shared resources can be exposed via tokenized URLs, with optional email OTP verification for access flows.
Transport security
In production, traffic should be served over HTTPS. Session cookie settings honor forwarded protocol headers when running behind proxies.
Reporting a vulnerability
If you believe you’ve found a security issue, please contact security@cleverops.ai with details. We’ll respond as quickly as possible.