Security at BrainBoard
You're trusting us with notes, finances, and sometimes health information. Here's exactly how we protect it.
Encrypted in transit and at rest
All traffic is HTTPS / TLS 1.3. Database storage is encrypted at rest (AES-256) and backups are encrypted.
Row-level isolation
Every table that stores user data uses Postgres Row-Level Security, scoped to your auth ID. No other user — and no code path without your token — can read your rows.
Strong auth
Sign in with email + password (checked against Have I Been Pwned, HIBP) or Google. Optional leaked-password protection, and session tokens rotate automatically.
Hosted on managed infra
Hosting on Cloudflare edge, database on Supabase (Postgres), payments through Paddle. We don't roll our own crypto or our own auth.
Backups & recovery
Daily encrypted backups with point-in-time recovery on the database tier. Your data survives our worst day.
Export & delete anytime
Export your full data as CSV from Settings. Delete your account and we wipe your data within 30 days.
Reporting a vulnerability
If you believe you've found a security issue, please email security@brainboardstudio.org. We aim to acknowledge within 48 hours.
A note on health & financial data
BrainBoard is a personal organization tool, not a regulated medical record system or a financial institution. We are not HIPAA-covered. Don't store data your insurer or employer specifically prohibits storing in personal apps.