Security at FluoTest

How we protect your data

• All data is stored in Supabase with Row Level Security enabled on every table
• API keys are encrypted using Supabase Vault and never stored in plain text
• Authentication uses Supabase Auth with PKCE flow to prevent token interception
• All traffic is encrypted via HTTPS
• Infrastructure hosted in the EU (Vercel + Supabase)

Responsible Disclosure

If you discover a security vulnerability in FluoTest, please report it to [email protected]. We take every report seriously and will respond within 48 hours.

Please do not publicly disclose the vulnerability until we have had a chance to investigate and fix it.

Acknowledgments

We appreciate security researchers who help keep FluoTest safe.