Data Security

Encryption

Platform OAuth tokens are encrypted at rest using AES-256-GCM. All traffic is served over TLS (HTTPS).

Access & isolation

Multi-tenant data is isolated by row-level security. Access to production systems is limited to authorised personnel.

Infrastructure

Hosting and data storage run on Vercel and Supabase; both maintain industry-standard security practices. Personal data is stored in Switzerland (Supabase, Zurich region — covered by an EU adequacy decision) and processed within the EU (Vercel, Frankfurt).

Minimisation

We request read-onlyscopes from connected platforms and only the data needed to display your analytics. We don't request write/management permissions we don't use.

Reporting

To report a security concern, contact info@kgong.dk.