Security at Amianto.info

Last updated: April 2026

We take the security of our platform and the data entrusted to us very seriously. This page describes the technical and organisational measures we implement to protect Amianto.info, our customers, and their users.

1. Infrastructure and Hosting

Amianto.info runs on a modern, fully managed infrastructure built around the following providers, all of which maintain SOC 2, ISO 27001, and GDPR-compliant operations:

  • Vercel — application hosting and global content delivery network with European edge regions.
  • Supabase — managed PostgreSQL database, authentication, and object storage running on AWS.
  • Stripe — PCI DSS Level 1 certified payment processing.
  • Geoapify — EU-based geocoding and mapping infrastructure.

2. Encryption

All data exchanged between users and Amianto.info is encrypted in transit using TLS 1.2 or higher, with HSTS enforced on all production domains. Personal data and customer content stored in our database and object storage are encrypted at rest using AES-256.

3. Authentication and Access Control

User passwords are never stored in plain text. We rely on industry-standard, salted password hashing handled by Supabase Auth. The platform supports email/password authentication and is designed to support additional providers and multi-factor authentication.

Internal access to production systems follows the principle of least privilege: only a minimal number of authorised engineers have administrative access, and all such access is logged.

4. Application Security

Our codebase follows modern secure development practices:

  • Server-side input validation and parameterised queries to prevent SQL injection.
  • Output escaping and Content Security Policy headers to mitigate cross-site scripting (XSS).
  • CSRF protection on state-changing endpoints.
  • Strict CORS policies and same-site cookie attributes.
  • Automated dependency scanning and prompt patching of known vulnerabilities.
  • Code review for every change before it reaches production.

5. Payment Security

All payments are processed by Stripe, a PCI DSS Level 1 certified payment provider. Card numbers, CVV codes, and expiration dates never touch Amianto.info servers — they are sent directly from your browser to Stripe through their hosted Elements interface. We only store a subscription identifier and the last four digits of the card for billing reference.

6. Backups and Disaster Recovery

The production database is backed up automatically by Supabase, with point-in-time recovery enabled. We test restoration procedures regularly to ensure data can be recovered in the event of an incident. Static assets and application code are versioned in Git and can be redeployed in minutes from any historical commit.

7. Monitoring and Incident Response

We monitor application uptime, error rates, and key security signals continuously. In the event of an incident affecting personal data, our incident response procedure includes:

  • Immediate triage and containment of the issue.
  • Investigation of root cause and scope.
  • Notification of affected customers without undue delay and within 72 hours where required by GDPR.
  • Post-incident review and remediation to prevent recurrence.

8. Data Residency

We host customer data in regions that align with European data protection standards. When data must be transferred outside the EEA — for instance to US-based sub-processors such as Stripe or Vercel — we rely on Standard Contractual Clauses and additional safeguards as required by Schrems II and Implementing Decision (EU) 2021/914.

9. Responsible Disclosure

We welcome reports of security vulnerabilities from independent researchers. If you believe you have found a vulnerability in Amianto.info, please contact us privately at the address below before disclosing it publicly. We commit to:

  • Acknowledging your report within 5 business days.
  • Investigating the issue and keeping you informed of our progress.
  • Crediting you in our security acknowledgements (if you wish) once the issue is resolved.
  • Not taking legal action against researchers acting in good faith and within the scope of this policy.

Please do not perform tests that could degrade the service, exfiltrate real user data, or violate the privacy of other users.

10. Contact

To report a security issue or ask any question about our security practices, please write to:

contact@amianto.info