Pondral
Document · Trust Report

Trust report.

A summary of Pondral's security, privacy, and reliability posture.

Last updated: June 2026 · Stage: Early-stage product · Open incidents: 0

Security posture

Encryption at rest (AES-256) provided by Supabase (AWS us-east-1). TLS 1.2+ enforced in transit; HSTS preloaded. Secrets managed via Vercel environment variables.

Production database access restricted to service-role credentials. Row-level security (RLS) enforced on all tenant-scoped tables.

Privacy posture

No third-party ad trackers or pixels on the product surface. We do not sell or share Customer Data. Data subject requests are honored within 30 days.

GDPR and CCPA/CPRA compliance is a priority. For EU data processing questions or DPA requests, contact hello@pondral.com.

Reliability

Hosted on Vercel (Fluid Compute) with Supabase Postgres (us-east-1). Vercel provides edge-network redundancy and automatic failover within their infrastructure.

Pondral is an early-stage product. We do not yet operate a public status page or publish SLA guarantees. For uptime-sensitive deployments, contact us to discuss your requirements.

Vendor management

Primary infrastructure vendors: Vercel (compute/CDN), Supabase (database/auth), Stripe (payments), Resend (email). Vendor security posture is evaluated before adoption.

Vulnerability management

Continuous dependency scanning via GitHub Dependabot. Internal security audits conducted periodically (most recent: June 2026, covering SSRF, RLS, rate limiting, API key auth, and server-side error reporting).

Responsible disclosure policy at /security.txt. We acknowledge receipt within one business day and triage within five.

For security documentation and customer-specific assurance packages, email hello@pondral.com.
