Security & Trust
Security and trust at every layer.
Your inventory data is isolated, encrypted in transit, and never used to train AI models.
Start free trialInfrastructure
Built to enterprise standards from the start.
Row-Level Security
Every table in the database has row-level security enforced at the database layer. Your data is cryptographically isolated from every other tenant. No code-level filtering — enforced by the database itself.
HTTPS Everywhere
All traffic is encrypted via HTTPS. HTTP Strict Transport Security (HSTS) is enforced. Your data is never transmitted in plaintext.
Secure Authentication
Authentication is handled by Supabase Auth — enterprise-grade session management with JWT tokens. Password resets and email verification are built-in.
No AI Training On Your Data
Demand forecasting runs entirely inside your account's database, so no external AI touches your inventory predictions. Your business data is never used to train AI models. In-app features such as the Allobot assistant and import column mapping process operational data through OpenAI under its API terms, never for model training.
Enterprise Hosting
Infrastructure runs on Supabase (managed Postgres) and Vercel. Both platforms operate enterprise-grade security with SOC 2 compliance on their end.
Security Headers
All responses include X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and HSTS headers to protect against common web attacks.
Data Handling
What we collect and how we use it.
Inventory and business data
Counts, products, customers, locations, and predictions are stored in your account's isolated database and used to generate forecasts, alerts, and in-app assistance for your account. It is never sold or shared for advertising, and never used to train AI models.
Authentication data
Email addresses and hashed passwords are managed by Supabase Auth. We store a display name associated with each user. No passwords are stored by Allodial directly.
Billing data
Payment processing is handled by Stripe. Allodial does not store credit card numbers. Stripe's PCI-compliant infrastructure manages all payment data.
Usage data
We may collect anonymized usage data (pages visited, features used) to improve the product. This data is not linked to your inventory or business data and is not shared.
Alpha Stage
Honest about where we are.
Allodial Predict is in alpha. Security practices are production-grade from the start — not retrofitted later. Row-level security, HTTPS enforcement, and secure session management were built before the first user account was created.
We do not use production data in development or testing environments. Alpha partners work in production with real data from day one — which is why the infrastructure was built to production standards.
Formal third-party penetration testing and SOC 2 certification are on our roadmap as we move toward general availability. If you have specific compliance requirements, contact us before onboarding.
Security questions?
If you have specific security requirements, a compliance question, or want to discuss our infrastructure in more detail before onboarding — contact us directly.
To report a vulnerability, email security@allodialsupply.com.