CR = Cindy & Roy

🔒 Security

How CR AudioViz AI protects your data, credentials, and privacy.

🔐

AES-256-GCM Encryption

All credentials and secrets stored with AES-256-GCM encryption using PBKDF2 key derivation. No plaintext secrets anywhere in the system.

🛡️

OWASP Top 10

All APIs built to OWASP Top 10 security standards. SQL injection prevention, CSRF protection, XSS sanitization, and rate limiting on every endpoint.

🔑

OAuth 2.0

Authentication via Google, GitHub, Discord, Microsoft, and LinkedIn OAuth. No passwords stored unless explicitly set by the user.

📊

Row-Level Security

Supabase PostgreSQL with RLS policies ensuring users can only access their own data. All queries are scoped to the authenticated user.

💳

PCI-DSS Payments

Payment data processed exclusively by Stripe and PayPal. We never store raw card numbers. Both providers maintain PCI-DSS Level 1 compliance.

📋

Audit Logging

Complete audit trail of credential access, admin actions, and API key usage. Tamper-proof logs stored in Supabase with timestamps.

🔄

Automatic Rotation

API keys and credentials support scheduled rotation. Expiry alerts sent before keys expire. Zero-downtime rotation for all integrations.

🌐

HTTPS Only

All traffic encrypted in transit. HSTS headers enforced. Certificate management via Vercel's automatic SSL provisioning.

Report a Security Issue

Found a vulnerability? Please disclose responsibly to security@craudiovizai.com. We respond within 24 hours.