Security
How we protect your data
Our Commitment to Security
At Supernova, we take the security of your personal information seriously. We implement industry-standard security measures to protect your data from unauthorized access, disclosure, alteration, and destruction.
Data Encryption
In Transit
All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), the same encryption standard used by banks and financial institutions.
At Rest
Your data is encrypted when stored on our servers using AES-256 encryption, one of the strongest encryption standards available.
Authentication & Access Control
- Secure password hashing using industry-standard algorithms
- Multi-factor authentication options for enhanced account security
- Session management with automatic timeout for inactive sessions
- Role-based access control for internal systems
- Regular security audits of authentication systems
Payment Security
We use Stripe for payment processing, a PCI-DSS Level 1 certified service provider:
- Credit card information is never stored on our servers
- All payment data is encrypted and tokenized
- Stripe's security is regularly audited by independent third parties
- Fraud detection and prevention systems actively monitor transactions
Infrastructure Security
- Cloud infrastructure hosted on secure, enterprise-grade servers
- Automated security patching and updates
- Firewalls and intrusion detection systems
- Regular security vulnerability scanning
- DDoS protection and mitigation
- Continuous monitoring and logging of system activity
Data Backup & Recovery
We maintain regular encrypted backups of your data to prevent data loss. Our disaster recovery plan ensures that we can restore your information in the event of a system failure or data breach.
Employee Access
Access to user data is strictly limited to authorized personnel who need it to perform their job functions. All employees undergo background checks and sign confidentiality agreements. Access is logged and regularly audited.
Vulnerability Disclosure
If you discover a security vulnerability, we encourage responsible disclosure:
- Email security details to security@supernovahq.app
- Provide detailed information about the vulnerability
- Allow us reasonable time to address the issue before public disclosure
- We will acknowledge receipt within 48 hours
Your Security Responsibilities
Help us keep your account secure:
- Use a strong, unique password for your account
- Never share your password with anyone
- Log out of your account when using shared devices
- Enable multi-factor authentication if available
- Keep your email address and contact information up to date
- Report suspicious activity immediately
Incident Response
In the unlikely event of a data breach, we have an incident response plan to quickly identify, contain, and remediate the issue. We will notify affected users and relevant authorities as required by law.
Questions About Security
If you have questions about our security practices, please contact us at security@supernovahq.app.