Security

Enterprise-grade infrastructure

Introlo runs on Vercel's edge network, backed by AWS infrastructure that meets SOC 2 Type II and ISO 27001 standards. Your profile loads fast and stays protected by the same infrastructure trusted by Fortune 500 companies.

• Automatic DDoS protection and Web Application Firewall (WAF)
• Global edge network with isolated compute per request
• Zero-downtime deployments with instant rollback capability

Encryption everywhere

All data transmitted to and from Introlo is encrypted with TLS 1.2+ (HTTPS). Data stored in our database is encrypted at rest using AES-256, the same standard used by banks and government agencies.

• TLS 1.2+ encryption on every connection — no exceptions
• AES-256 encryption for data at rest
• Sensitive credentials and API keys are stored in encrypted environment variables, never in code

Authentication & account security

Authentication is handled by Supabase Auth, a dedicated identity platform built on proven open-source standards. Your password is never stored in plain text — it's hashed using bcrypt with industry-standard cost factors.

• Secure session management with short-lived tokens
• OAuth support for passwordless sign-in via trusted providers
• Row-level security policies ensure users can only access their own data
• Automatic session expiry and token rotation

Payments you can trust

All payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified processor — the highest level of certification in the payments industry. Introlo never sees, stores, or has access to your full card number.

• Card details are tokenized and processed exclusively by Stripe
• No payment credentials are stored on Introlo servers
• Stripe is trusted by millions of businesses worldwide, including Amazon, Google, and Shopify

Your data, your control

We believe you should always be in control of your information. Introlo collects only what is necessary to provide the service — nothing more.

• Your profile data is yours — you can update or delete it at any time
• We do not sell, rent, or share your personal information with third parties for marketing
• Minimal data collection — we only store what's needed to run your profile
• Account deletion permanently removes your data from our systems

Access controls & least privilege

Production access is tightly restricted. Internal systems follow the principle of least privilege — team members only have access to the resources required for their role, and all access is logged and auditable.

• Role-based access control for all internal systems
• Database access restricted to application-level service roles
• No shared credentials — individual accounts with unique authentication

Responsible disclosure

We take every report seriously. If you discover a potential security vulnerability, please let us know and we will investigate promptly. We appreciate researchers who help us keep Introlo safe.

Report vulnerabilities to: security@introlo.com

• We acknowledge receipt within 2 business days
• We will work with you to understand and validate the issue
• We will not take legal action against researchers acting in good faith

Continuous monitoring & improvement

Security is never “done.” We continuously monitor our systems, review our practices, and update our protections to stay ahead of emerging threats. Our infrastructure providers maintain compliance with industry standards including SOC 2, ISO 27001, and PCI DSS.