Introduction
At Corebee, security is foundational, not an afterthought. We implement industry-standard practices to protect your data and your customers' data at every layer of our platform.
Infrastructure Security
Our infrastructure is built on trusted, enterprise-grade providers with security at the core.
- Hosted on Vercel (serverless, global edge network) and Supabase (AWS-backed PostgreSQL)
- All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Automatic failover and redundancy across regions
- Regular infrastructure security assessments
Application Security
We follow secure development practices and enforce strict isolation between tenants.
- Row-level security (RLS) on all database tables for tenant isolation
- Multi-tenant architecture with strict organization boundaries
- Rate limiting on all API endpoints
- Input validation and sanitization on all user inputs
- Protection against OWASP Top 10 vulnerabilities
Authentication and Access Control
Access to your account and data is tightly controlled through modern authentication standards.
- Secure authentication via Supabase Auth (supports Google OAuth, email/password)
- Role-based access control (Admin and Member roles)
- Session management with secure, HttpOnly cookies
- OAuth 2.0 and PKCE flow for third-party authentication
Data Privacy and Compliance
We are committed to meeting the highest standards of data privacy and regulatory compliance.
- GDPR compliant — data subject rights honored (access, deletion, portability)
- Data Processing Agreement (DPA) available on request
- SOC 2 compliance practices
- Full privacy policy available at /privacy
- We do not sell customer data to any third party
AI Data Handling
We take special care with how data flows through our AI systems.
- Support conversations are processed via the OpenAI API
- Conversations are not used to train OpenAI's models — we use the API, not consumer products
- Knowledge base content is stored with encryption
- RAG (Retrieval-Augmented Generation) keeps AI responses grounded in your data, reducing hallucination and ensuring relevance
Reporting Vulnerabilities
If you discover a security vulnerability, please contact us at jonathan@corebee.ai. We take all reports seriously and will respond within 48 hours.