Platform Security

Security Posture

How we protect your application data and ensure operational integrity.

Secure Authentication

We use Supabase Auth, which provides secure, industry-standard JSON Web Token (JWT) session management. Passwords are never stored in plain text and are fully encrypted globally.

Row Level Security

Our databases enforce strict Row Level Security (RLS) policies at the Postgres engine level. This guarantees that API responses mathematically cannot leak data between users or cohorts.

Edge Infrastructure

Hosted entirely on Vercel's global edge network, we benefit from enterprise-grade DDoS protection, Web Application Firewalls (WAF), and automatically provisioned SSL/TLS for all traffic.

Data Encryption

In Transit: All data sent between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTP Strict Transport Security (HSTS), so browsers only interact with us over secure connections.

At Rest: All application content residing in our Supabase databases, including essay drafts, milestones, and personal profiles, is encrypted at rest using AES-256.

Vulnerability Reporting

If you believe you have discovered a security vulnerability within UNIMAP, please help us keep our users safe by disclosing the issue responsibly. We ask that you report issues immediately to security@unimap.io rather than making details public. We will acknowledge your report within 48 hours and work with you to remediate the issue promptly.