Security

Last updated: May 1, 2026

Our Commitment

Security is a core part of how WaffleIQ is built. We follow industry best practices across our infrastructure, application, and operational processes to keep your data safe.

Infrastructure

WaffleIQ runs on Supabase and Vercel, leveraging enterprise-grade cloud infrastructure with SOC 2 Type II certification. All data is stored in encrypted databases with automated backups and point-in-time recovery.

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. API keys and credentials are stored using industry-standard secrets management and are never logged.

Access Controls

Row-Level Security (RLS) is enforced at the database layer, ensuring each organization can only access its own data. Internal access to production data is restricted and audited.

Authentication

WaffleIQ supports OAuth 2.0 (Google), email/password with bcrypt hashing, and session tokens that expire automatically. We recommend enabling Google SSO for organizational accounts.

Vulnerability Disclosure

If you discover a security vulnerability, please disclose it responsibly by emailing security@waffleiq.com. We commit to acknowledging reports within 48 hours and resolving critical issues within 14 days.

Compliance

WaffleIQ is designed to support GDPR and CCPA compliance for our customers. We act as a data processor for the professional data surfaced in search results and provide Data Processing Agreements (DPAs) on request.

Contact

For security questions or to request a DPA, contact security@waffleiq.com.