Xenith

Security Policy

Last updated: June 29, 2026

1. Our Commitment

Security is foundational to Xenith. This page describes the technical and organizational measures we use to protect your data. No system can be guaranteed perfectly secure, but we continuously review and improve our controls.

2. Encryption

All traffic to and from Xenith is encrypted in transit using TLS (HTTPS), enforced with HSTS. Data at rest in our database and file storage is encrypted by our infrastructure providers. Passwords are never stored in plain text — authentication is handled by Supabase Auth, which stores credentials as salted, hashed values.

3. Infrastructure

Xenith runs on established, security-conscious providers. Application hosting is on Vercel; our database, authentication, and file storage are managed by Supabase (built on PostgreSQL). These providers maintain their own compliance certifications and physical and network security controls.

4. Access Controls

Database access is governed by row-level security, so users can only read and write their own records. Administrative and production access is limited to authorized personnel on a least-privilege basis, and privileged service credentials are kept server-side and never exposed to the browser.
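As an added illustration, not Xenith's own schema or code, this is what Supabase row-level security looks like for a hypothetical `notes` table keyed by a `user_id` column (both names are assumptions). The policies are evaluated inside PostgreSQL, so they apply to every path into the database that carries the user's JWT (the auto-generated REST API and client-library queries alike). A connection holding the service-role key bypasses them, which is why that key has to stay server-side.

```sql
-- Added example (hypothetical table, not Xenith's schema): per-user isolation
-- with PostgreSQL row-level security in a Supabase project.
create table if not exists public.notes (
  id         bigint generated always as identity primary key,
  user_id    uuid not null default auth.uid()
             references auth.users (id) on delete cascade,
  body       text not null,
  created_at timestamptz not null default now()
);

-- RLS is OFF on a freshly created table. Without this line any client holding
-- the public anon key can read and modify every row through the REST API.
alter table public.notes enable row level security;

-- One policy per operation. auth.uid() is the "sub" claim of the caller's JWT;
-- it is NULL for anonymous callers, so anon requests match no rows at all.
create policy "notes: owner can read"
  on public.notes for select
  to authenticated
  using (user_id = auth.uid());

-- WITH CHECK guards the row being written, so a user cannot insert a note
-- that claims to belong to somebody else.
create policy "notes: owner can insert"
  on public.notes for insert
  to authenticated
  with check (user_id = auth.uid());

-- USING restricts which rows may be targeted; WITH CHECK prevents re-assigning
-- the row to another user_id in the same statement.
create policy "notes: owner can update"
  on public.notes for update
  to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

create policy "notes: owner can delete"
  on public.notes for delete
  to authenticated
  using (user_id = auth.uid());

-- Check: in the SQL editor, impersonate a user for one transaction and confirm
-- only that user's rows are visible. The UUID below is a made-up example value.
begin;
  set local role authenticated;
  select set_config(
    'request.jwt.claims',
    '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
    true);
  select count(*) from public.notes;   -- counts only rows owned by that sub
rollback;

-- Audit: list tables in public that still have RLS disabled.
select schemaname, tablename
from pg_tables
where schemaname = 'public' and not rowsecurity;
```

The audit query at the end is the control worth running after every migration: a single new table created without `enable row level security` is readable by anyone holding the anon key, regardless of how well the other tables are locked down.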

5. Application Security

Controls in the application layer include:

  • A strict Content Security Policy and security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and others) to limit the impact of script injection (XSS) and to prevent clickjacking.
  • Cloudflare Turnstile bot protection on sign-up and public forms.
  • Input validation and rate limiting on sensitive endpoints.
  • Optional sign-in with trusted identity providers (Google, Microsoft) via OAuth.
  • Disposable and throwaway email addresses are blocked at sign-up.

6. Monitoring

We use error monitoring (Sentry) to detect, diagnose, and resolve crashes and anomalies. We aim to minimize the personal data captured in diagnostic events.

7. Your Role in Security

You can help keep your account secure by using a strong, unique password, keeping your devices and browser up to date, and signing out on shared devices. Notify us immediately if you suspect unauthorized access to your account.

8. Reporting a Vulnerability

If you believe you have found a security vulnerability, please report it responsibly under our Responsible Disclosure Policy. You can reach our security team at security@xenith.life.