Security
How we protect your data and what to do if you find a vulnerability.
Infrastructure & Data Security
- Encrypted in transit: All data between your browser and our servers is encrypted via TLS 1.2+.
- Encrypted at rest: All data stored in our Supabase (PostgreSQL) database is encrypted at rest by default.
- Row-Level Security (RLS): Database access is controlled at the row level — users can only read and write their own data.
- Auth handled by Supabase Auth: Passwords are never stored in plain text. Authentication uses industry-standard bcrypt hashing.
- Hosted on Vercel & Supabase Cloud: SOC 2 Type II compliant infrastructure with automatic security patching.
Responsible Disclosure
We take security seriously. If you discover a security vulnerability, please report it responsibly — do not publicly disclose the issue until we've had a chance to address it.
Contact: security@bitelrn.com
We aim to acknowledge all reports within 72 hours and resolve confirmed issues within 30 days.
We aim to acknowledge all reports within 72 hours and resolve confirmed issues within 30 days.
What to Include in a Report
- A description of the vulnerability and the potential impact
- Steps to reproduce (URL, request/response, screenshots if applicable)
- Your name or handle (for credit, if desired)