Secure by design

Your code, data, and ideas are protected at every layer. From encrypted storage to sandboxed environments, security is built into the foundation of Startbase — not bolted on.

How we protect your data

Security isn't an afterthought — it's woven into every layer of the platform.

Encrypted by Default

All data is encrypted in transit via TLS 1.2+ and at rest using AES-256. Database connections use SSL, and secrets are never stored in plaintext.

Secure Data Storage

Your project data lives in isolated Supabase PostgreSQL databases with row-level security policies. We enforce strict access controls at every layer.

Authentication & Access

Powered by Supabase Auth with support for email/password, magic links, and OAuth providers. Sessions are short-lived with secure token rotation.

No Training on Your Data

Your prompts, code, and project data are never used to train AI models. We contractually restrict all third-party AI providers from using your data for training.

Isolated Environments

Each project runs in its own sandboxed environment. Cross-project data access is impossible by design, with strict logical separation between workspaces.

Continuous Monitoring

Automated rate limiting, abuse detection, and real-time platform monitoring protect against misuse. We track anomalous patterns and respond proactively.

Compliance & standards

We're working toward industry-standard certifications as we prepare for launch.

SOC 2 Type II: Planned
GDPR: Compliant
ISO 27001: Planned

Security practices

Beyond architecture, these are the ongoing practices that keep the platform secure.

Vulnerability Management

Dependencies are continuously scanned for known vulnerabilities. Critical patches are applied promptly, and we maintain a responsible disclosure process.

Infrastructure Security

Our infrastructure runs on hardened cloud platforms with network isolation, web application firewalls, and adaptive rate limiting at IP and user levels.

Secure Code Generation

AI-generated code is scanned for common security issues before deployment. We check for injection vulnerabilities, insecure configurations, and dependency risks.

Incident Response

We maintain a documented incident response plan with defined severity levels, escalation procedures, and post-incident review processes.

Have a security concern?

We take every report seriously. Reach out and our team will respond within 48 hours.