Security Pillars
Every layer of AllyShield is designed with security as a first-class concern.
Infrastructure Security
Enterprise-grade infrastructure hosted on Supabase + Vercel with automated failover, regional redundancy, and continuous monitoring. SOC 2 Type II attestation in progress.
Data Encryption
AES-256 encryption at rest and TLS 1.3 in transit. All sensitive data encrypted end-to-end with regularly rotated keys.
Access Control
Role-based access control (RBAC), SAML-based SSO integration, and mandatory two-factor authentication for all accounts.
Privacy & GDPR
Full GDPR compliance with data processing agreements, right to erasure, data portability, and regular privacy audits.
Vulnerability Management
Quarterly penetration testing by independent firms, continuous vulnerability scanning, and an active responsible disclosure program.
Uptime & Reliability
99.9% SLA-guaranteed uptime with automated failover, multi-region redundancy, real-time monitoring, and <4h recovery time.
Compliance & Certifications
Technical Controls
Specific safeguards running in production today.
- All outbound fetches from user-supplied URLs are validated against private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) and cloud metadata endpoints (AWS, GCP, Azure).
- Per-IP and per-org rate limits on password reset, free scan, and API authentication — enforced via Upstash Redis so limits apply across every serverless instance, not just per-lambda.
- Double-submit cookie pattern on every state-changing request. Bearer API keys and Stripe-signed webhooks are exempt by design; cookie-auth routes require an X-CSRF-Token header that matches the httpOnly-companion cookie.
- HTML content from blogs and docs is sanitized with DOMPurify. User search terms are stripped of PostgREST filter operators before query composition.
- Incoming Stripe and GitHub webhooks are verified via HMAC signatures using rotating secrets. Outbound webhook deliveries are signed so receivers can verify authenticity.
- Every user-facing query is constrained to the authenticated user's organization at the database level — not just the application layer.
- OAuth callback flows (Slack, GitHub, Linear, Asana) verify the authenticated user owns the organization encoded in state, and reject states older than 10 minutes to close the replay window.
- When an admin views an account as a user, we mint a single-use, signed magic-link — never swap session cookies silently. Every impersonation writes to admin_audit_log with the admin email, target user, and timestamp.
- HttpOnly + Secure + SameSite=Lax cookies. No tokens in localStorage. Sessions refresh automatically via Supabase Auth.
- On plan downgrade, premium state (API keys, webhooks, Slack integrations, white-label, scheduled scans) is revoked automatically across all paths.
- Account deletion is soft-marked for 30 days during which recovery is a single click, then hard-deleted by a daily cron that purges the auth user and any org where they were sole owner — GDPR Article 17 compliant.
- HMAC-SHA256 signature over {scanId, orgId, score, scannedAt} using a server-held secret; publicly verifiable via /verify/cert/[id]?sig=... so counterparties can confirm authenticity without an account.
Responsible Disclosure
We value the work of security researchers and welcome responsible disclosure of any vulnerabilities. Please report issues to:
security@allyshield.net
What to provide:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any supporting screenshots or proof of concept
What we commit to:
- Acknowledgment within 48 hours
- Regular updates on remediation progress
- No legal action for good-faith research
- Credit in our security hall of fame (if desired)
Ready to Secure Your Website?
Learn more about how AllyShield keeps your data safe and your business compliant.