This page describes Gumly’s security practices at a high level. We treat your data with the highest priority and implement industry-standard protections.
1. Encryption
- In Transit: All data sent between your browser and our servers is encrypted using TLS 1.2 or higher.
- At Rest: Sensitive data, including OAuth tokens and credentials, is encrypted using AES-256 (Fernet) before being stored in our database.
2. Access Controls
- Least Privilege: Our internal systems follow strict role-based access control.
- Authentication: Multi-factor authentication (MFA) is required for all administrative access to our production infrastructure.
- Monitoring: We maintain audit logs and real-time monitoring to detect and respond to unauthorized activities.
3. Infrastructure & Reliability
Gumly is built on top of world-class infrastructure providers (AWS/Railway/Supabase) that comply with rigorous security standards.
- Regular automated backups with point-in-time recovery.
- Distributed denial-of-service (DDoS) protection.
- Isolated production and development environments.
4. Incident Response
We maintain an incident response plan to assess, contain, and remediate security events. In the event of a material impact on user data, we will provide appropriate notifications in accordance with applicable laws.
5. Responsible Disclosure
We welcome reports from security researchers. Please report vulnerabilities to:
Security Contact: security@gumly.ai
