Trust & Safety
We take security seriously. Your business data is protected by multiple layers of security controls, and we continuously invest in keeping it safe.
All data transmitted between your device and our servers is encrypted with TLS 1.3. We enforce HTTPS across all endpoints.
All data stored on our servers is encrypted with AES-256. Database credentials, API keys, and secrets are never stored in plaintext.
Our database enforces row-level security (RLS), ensuring each user can only access their own data — even in the event of an application bug.
We follow the principle of least privilege. Only engineers with a demonstrated need can access production systems, and all access is logged.
Your data is automatically backed up every hour. We retain daily backups for 30 days and monthly backups for 1 year.
We use automated tools to scan our codebase for vulnerabilities in dependencies and update them on a regular cadence.
Hosting: Gestivio runs on Vercel's global edge network with servers in North America and around the world. Application code is deployed on serverless infrastructure with automatic scaling.
Database: Your data is stored on Supabase, a PostgreSQL-based database platform built on AWS. Supabase provides automatic failover, point-in-time recovery, and geographic redundancy.
Payments: All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We never store credit card numbers or payment credentials on our servers.
Email delivery: Transactional emails are sent via Resend, which operates its infrastructure on AWS with high deliverability and SPF/DKIM authentication.
If you discover a security vulnerability in Gestivio, please report it responsibly. We will investigate all reports promptly and publicly acknowledge valid discoveries.
Contact: security@gestivio.ca
Please do not publicly disclose vulnerabilities before we have had a chance to address them. We aim to respond to all security reports within 48 hours.