Security at Hub4Apps

How we protect your data using enterprise-grade infrastructure

Our Security Approach

We're a small team, but we leverage enterprise-grade infrastructure to protect your data. Our primary partner, Supabase, is SOC 2 Type II and ISO 27001 certified, providing the same level of security used by Fortune 500 companies.

How Your Data Is Protected

Encryption Everywhere

  • At Rest: AES-256 encryption for all data in Supabase databases
  • In Transit: TLS 1.3 encryption (HTTPS) for all data transmission
  • Journal Entries: Encrypted on your device before leaving your phone
  • Encryption Keys: Stored in the device's hardware security storage (iOS Keychain, Android Keystore)

Access Controls

  • Row-Level Security (RLS): Database policies ensure you can only access your own data
  • Password Security: Bcrypt hashing (never stored in plain text)
  • Session Tokens: Secure JWT authentication
  • OAuth 2.0: Industry-standard protocol for Apple/Google Sign-In

Our Infrastructure Partner: Supabase

We host all Services on Supabase, which provides:

Supabase Security Certifications

  • SOC 2 Type II Certified - Independent security audit
  • ISO 27001 Certified - International security standard
  • GDPR Compliant - EU data protection
  • CCPA Compliant - California privacy law
  • AWS Infrastructure - Enterprise data centers
  • 99.9% Uptime SLA - High availability

Physical Security

  • Data stored in AWS data centers with 24/7 physical security
  • Biometric access controls
  • Video surveillance and monitoring
  • Redundant power and network connectivity

Backup & Recovery

  • Automated encrypted backups
  • Point-in-time recovery capabilities
  • Geographic redundancy
  • Disaster recovery procedures

Data Breach Response

In the unlikely event of a security incident:

  1. Immediate Investigation: We investigate incidents immediately upon discovery
  2. 72-Hour Notification: Affected users notified within 72 hours
  3. Regulatory Reporting: Authorities notified as required by law (GDPR, CCPA)
  4. Remediation Guidance: Clear steps provided to protect yourself
  5. Transparency: Public incident report for widespread breaches

Vendor Accountability

If a security incident involves Supabase or another third-party provider:

  • They must notify us within 24 hours
  • We notify affected users within 72 hours
  • Vendor is responsible for remediation costs
  • We provide full transparency about the source of the breach

Compliance

We comply with major privacy and security regulations:

  • GDPR (General Data Protection Regulation) - EU privacy law
  • CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act) - California privacy rights
  • Apple App Store privacy requirements
  • Google Play Store security requirements

Your Security Rights

Report Security Issues

If you discover a security vulnerability, please report it responsibly:

  • Email: support@hub4apps.com
  • Response Time: We respond within 24 hours
  • Responsible Disclosure: Please give us time to fix issues before public disclosure

Questions about security? Contact us at support@hub4apps.com

Last Updated: January 2025