Security

Security is built in — not added on top

How we protect your data, your projects, and your team.

Our commitment

Security is built into Zypact — not added on top. Every feature is designed with least-privilege access, minimal data retention, and end-to-end encryption from day one.

Data security

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest (Supabase)
  • API keys hashed with SHA-256 (never stored in plain)
  • No passwords stored (OAuth + magic links only)

Authentication

  • Google OAuth 2.0
  • GitHub OAuth
  • Magic link (email — no password needed)
  • Secure sessions via NextAuth v5

Infrastructure

  • Vercel (SOC 2 Type II certified)
  • Supabase (SOC 2 compliant)
  • Stripe (PCI DSS Level 1)

Responsible disclosure

Found a security issue? Email contact@zypact.com with the subject “Security Report”. We respond within 48 hours.

Beta notice

We conduct regular security reviews and will notify users promptly of any incident affecting their data.