Allodial PredictAllodial Predict

Security & Trust

Security and trust at every layer.

Your inventory data is isolated, encrypted in transit, and never used to train AI models.

Start free trial

Infrastructure

Built to enterprise standards from the start.

Row-Level Security

Every table in the database has row-level security enforced at the database layer. Your data is cryptographically isolated from every other tenant. No code-level filtering — enforced by the database itself.

HTTPS Everywhere

All traffic is encrypted via HTTPS. HTTP Strict Transport Security (HSTS) is enforced. Your data is never transmitted in plaintext.

Secure Authentication

Authentication is handled by Supabase Auth — enterprise-grade session management with JWT tokens. Password resets and email verification are built-in.

No AI Training On Your Data

Demand forecasting runs entirely inside your account's database, so no external AI touches your inventory predictions. Your business data is never used to train AI models. In-app features such as the Allobot assistant and import column mapping process operational data through OpenAI under its API terms, never for model training.

Enterprise Hosting

Infrastructure runs on Supabase (managed Postgres) and Vercel. Both platforms operate enterprise-grade security with SOC 2 compliance on their end.

Security Headers

All responses include X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and HSTS headers to protect against common web attacks.

Data Handling

What we collect and how we use it.

Inventory and business data

Counts, products, customers, locations, and predictions are stored in your account's isolated database and used to generate forecasts, alerts, and in-app assistance for your account. It is never sold or shared for advertising, and never used to train AI models.

Authentication data

Email addresses and hashed passwords are managed by Supabase Auth. We store a display name associated with each user. No passwords are stored by Allodial directly.

Billing data

Payment processing is handled by Stripe. Allodial does not store credit card numbers. Stripe's PCI-compliant infrastructure manages all payment data.

Usage data

We may collect anonymized usage data (pages visited, features used) to improve the product. This data is not linked to your inventory or business data and is not shared.

Alpha Stage

Honest about where we are.

Allodial Predict is in alpha. Security practices are production-grade from the start — not retrofitted later. Row-level security, HTTPS enforcement, and secure session management were built before the first user account was created.

We do not use production data in development or testing environments. Alpha partners work in production with real data from day one — which is why the infrastructure was built to production standards.

Formal third-party penetration testing and SOC 2 certification are on our roadmap as we move toward general availability. If you have specific compliance requirements, contact us before onboarding.

Security questions?

If you have specific security requirements, a compliance question, or want to discuss our infrastructure in more detail before onboarding — contact us directly.

To report a vulnerability, email security@allodialsupply.com.