Security Overview
Last updated: March 25, 2026
CaseProof is built on infrastructure designed for security, reliability, and isolation. Below is a factual account of the technical controls in place to protect your data.
Application Infrastructure
- Hosting: CaseProof is deployed on Vercel, which provides a global edge network, automatic DDoS mitigation, and enforced HTTPS on all endpoints.
- TLS: All connections use TLS 1.2 or higher. Older protocol versions are rejected.
- Automatic HTTPS: All HTTP traffic is redirected to HTTPS. SSL certificates are managed and renewed automatically.
Data Storage
- Database: Supabase (PostgreSQL on AWS), which is SOC 2 Type II certified. All database data is encrypted at rest using AES-256.
- File storage: Supabase Storage (S3-compatible), with AES-256 encryption at rest for all uploaded files and documents.
- Region: All data is stored in the United States (AWS us-east-1).
Authentication & Passwords
- Authentication is handled by Supabase Auth. Passwords are never stored in plaintext — Supabase uses bcrypt hashing.
- Sessions are managed via short-lived JWTs with refresh token rotation on each use.
- Sessions expire after a configurable period of inactivity.
Tenant Isolation
CaseProof enforces data isolation between customers using PostgreSQL Row-Level Security (RLS). Every database query is scoped to the authenticated user. There is no shared infrastructure between customer tenants at the data layer — a user cannot query or access another user's matters, files, or case data, even if they share the same underlying database instance.
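The sketch below shows how an RLS policy of the kind described above scopes queries to the authenticated user. It is an added example, not CaseProof's actual schema or policies. The `matters` table, its columns, the policy name and the UUIDs are hypothetical, and it assumes a Supabase project, where the `authenticated` role and `auth.uid()` exist and `auth.uid()` reads the `sub` claim from `request.jwt.claims`.

```sql
-- Added example: hypothetical table and constructed sample data.
-- Runs in one transaction and rolls back, so nothing persists.
begin;

create table public.matters (
  id       bigint generated always as identity primary key,
  owner_id uuid not null,   -- Supabase Auth user id that owns the row
  title    text not null
);

-- Constructed rows for two different users, inserted before RLS is enabled.
insert into public.matters (owner_id, title) values
  ('11111111-1111-1111-1111-111111111111', 'User A matter'),
  ('22222222-2222-2222-2222-222222222222', 'User B matter');

-- Until RLS is enabled, policies are not consulted at all.
alter table public.matters enable row level security;
-- FORCE makes the policies apply to the table owner as well.
alter table public.matters force row level security;

grant select, insert, update, delete on public.matters to authenticated;

-- USING filters which existing rows a statement can see or modify;
-- WITH CHECK rejects new or updated rows owned by anyone else.
create policy matters_owner_only on public.matters
  for all to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

-- Check 1: query as user A by switching role and setting the JWT claims
-- that auth.uid() reads (assumption stated in the lead-in).
set local role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}',
  true);
-- No WHERE clause: the policy alone restricts this to owner_id = auth.uid().
select id, title from public.matters;
reset role;

-- Check 2: audit for tables in the exposed schema that have RLS disabled.
select c.relname as table_without_rls
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r' and not c.relrowsecurity;

rollback;
```

Roles with the `BYPASSRLS` attribute, such as Supabase's `service_role`, skip these policies, so the isolation holds only for queries made with the end user's own session.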
Encryption Summary
- In transit: TLS 1.2+ for all connections
- At rest (database): AES-256 via AWS RDS (Supabase)
- At rest (files): AES-256 via S3 (Supabase Storage)
See the Encryption page for full details.
Compliance Certifications
- Supabase: SOC 2 Type II
- Vercel: SOC 2 Type II
- Stripe: PCI DSS Level 1
- OpenAI: SOC 2 Type II
See the Subprocessors page for the full vendor list.
Reporting a Security Issue
To report a security vulnerability, email security@case-proof.com. We triage all reports within 24 hours.