Security

How we protect your data, your platforms, and your users.

Security is foundational to everything we build at Scelar. We take a defense-in-depth approach to protect your data at every layer.

Infrastructure

  • Hosting - Our infrastructure runs on Vercel and AWS with automatic scaling and redundancy
  • Encryption in transit - All traffic is encrypted with TLS 1.3. We enforce HTTPS on every endpoint.
  • Encryption at rest - All stored data is encrypted using AES-256
  • Isolation - Each customer's generated platform runs in an isolated environment

Authentication & Access

  • Secure authentication - Passwords are hashed with bcrypt. We support OAuth providers (Google, GitHub).
  • Session management - Secure, HTTP-only cookies with automatic expiration
  • Role-based access - Team workspaces enforce role-based permissions (admin, editor, viewer)

Payment Security

  • PCI compliant - All payment processing is handled by Stripe, a PCI Level 1 certified provider
  • No card storage - We never store, process, or have access to your full credit card numbers
  • Fraud detection - Stripe Radar provides real-time fraud prevention on all transactions

Data Protection

  • Backups - Automated daily backups with point-in-time recovery
  • Data retention - You can delete your account and all associated data at any time. Deleted data is purged within 30 days.
  • Access logging - All access to production systems is logged and audited

Generated Platform Security

Every platform Scelar generates follows security best practices:

  • CSRF protection on all forms
  • Input sanitization and validation
  • SQL injection prevention via parameterized queries
  • XSS protection with proper output encoding
  • Secure HTTP headers (Content-Security-Policy, X-Frame-Options, etc.)

Incident Response

In the event of a security incident, we will notify affected users within 72 hours, investigate and contain the issue immediately, and provide a full post-mortem with remediation steps.

Responsible Disclosure

If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within 24 hours.