Home / Trust / Security Overview
Developum AI Inc. · Security

Security Overview.

Effective July 1, 2026

This page describes the technical controls that protect the data our customers trust us with. It is written to be legible to engineers, auditors, and enterprise buyers doing security diligence.

The Non-Negotiables

Data Architecture

Application Data
Supabase (Postgres). Row-Level Security enforced on every table containing customer content. RLS policies audited weekly via automated script. Backups: daily automated SQL dumps with verification.
Authentication
Supabase Auth. JWT-based session tokens with 1-hour expiry and rotation. Passwords hashed with bcrypt. Optional MFA available.
File Storage
Supabase Storage. Private buckets with signed URLs (1-hour default expiry, auto-refreshed). No public direct-access URLs for customer content.
Infrastructure
Hetzner Cloud. EU/US data centers, physical security handled by Hetzner. Server-level firewalls, SSH-key-only access, no password authentication.
Payments
Stripe. All payment methods, subscription state, and card details stored by Stripe. We store only opaque customer + subscription IDs and event webhooks.
Email Notifications
Transactional email sent via SMTP through Supabase Auth. Content is limited to authentication flows (verify email, reset password) — no marketing.

Access Controls

Monitoring & Incident Response

What We Don't Do

Reporting a Vulnerability

Security researchers and users who identify a vulnerability are asked to disclose responsibly by emailing security@developumaiengine.com. Please do not publicly disclose until we have had reasonable time to remediate (typically 30-90 days depending on severity). We do not currently operate a paid bounty program, but we credit disclosures publicly if the researcher requests it.

More Detail

For the full security posture — access control policy, change management policy, incident response plan, DR/BCP with RTO/RPO metrics, and system evidence — see our Trust Center or write to security@developumaiengine.com for the auditor package.

Questions or requests? Reach us at security@developumaiengine.com for security, compliance, or auditor inquiries. For all other legal questions: hello@developumaiengine.com.