Data Security

Your credentials are sensitive. Here's how we protect them with enterprise-grade security at every layer.

Security is Our Foundation

Credentia handles sensitive identity documents — resumes, Aadhaar cards, police certificates, and educational records. We've built our entire platform with security as the foundation, not an afterthought.

End-to-End Encryption

All document uploads and data transmissions are encrypted using TLS 1.3. Your files are encrypted at rest using AES-256 encryption on Supabase Storage.

Secure Infrastructure

Our platform runs on Vercel's edge network and Supabase's managed infrastructure, both built on AWS with enterprise-grade security, redundancy, and uptime guarantees.

Authentication & Access Control

We use Supabase Auth with JWT tokens, Row Level Security (RLS) policies, and role-based access control. Every API request is authenticated and authorized before processing.

Privacy by Design

We follow privacy-by-design principles. Only necessary data is collected, processed, and stored. Sensitive fields like Aadhaar numbers are never stored in plain text.

AI Processing Security

Documents sent to Google Gemini AI for analysis are processed in-memory and not retained by Google for training. We use Google's enterprise API tier with data processing agreements.

Regular Security Audits

We conduct regular security reviews of our codebase, dependencies, and infrastructure. Vulnerabilities are patched promptly following responsible disclosure practices.

Data Integrity

Every verified credential generates a unique tamper-proof hash. Any modification to the original document is instantly detectable, ensuring the integrity of all verification results.

Compliance Standards

Our platform is designed to align with IT Act 2000 (India), GDPR principles for data protection, and industry best practices for handling sensitive identity documents.

Data Lifecycle

1

Upload

Encrypted TLS 1.3 transfer

2

Process

In-memory AI analysis

3

Store

AES-256 encrypted at rest

4

Share

Permission-based access only

Report a Vulnerability

Found a security issue? We take responsible disclosure seriously. Contact us immediately.

Report Security Issue →