Security at ReadFort

Your documents contain sensitive information. We treat their protection as our highest priority.

Encryption in Transit

All data transmitted between your browser and ReadFort is encrypted using TLS 1.2 or higher. This is the same encryption standard used by banks and financial institutions to protect data in transit.

Encryption at Rest

All documents and database records are encrypted at rest using AES-256, the industry gold standard. Your files are encrypted on disk and can only be decrypted by authorized systems.

Access Controls

Row-level security policies ensure that users can only access their own data. Every database query and storage request is validated against your authenticated identity before any data is returned.

Authentication

User passwords are hashed using bcrypt and never stored in plaintext. Sessions are managed with secure, HTTP-only cookies. Signed download URLs expire after one hour.

Infrastructure

ReadFort is built on SOC 2 Type II certified infrastructure. Our database, storage, and authentication services are hosted by Supabase, which maintains rigorous security certifications and undergoes regular third-party audits.

Audit Trail

Every document action — uploads, downloads, edits, and deletions — is logged with timestamps and user identification. This immutable audit trail supports your compliance and regulatory requirements.

Additional Security Practices

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. ReadFort never stores, processes, or transmits credit card numbers or bank account details. Your payment information goes directly to Stripe's secure infrastructure.

Data Isolation

Each user's documents are stored in isolated storage paths keyed to their unique account identifier. Database-level row security policies enforce strict tenant isolation, preventing any cross-account data access even in the event of an application-level vulnerability.

Secure File Handling

Uploaded files are validated for type and size before storage. We accept only approved document formats (PDF, DOCX, JPEG, PNG, WebP) with a maximum file size of 25 MB. Download links are generated as signed URLs that expire after one hour, preventing unauthorized access through shared links.

Data Deletion

When you delete a document, it is permanently removed from both our database and file storage. Upon account termination, all associated data is permanently deleted within 90 days of the end of the 30-day export window. We do not retain copies of deleted data.

Reporting a Vulnerability

If you discover a security vulnerability in ReadFort, please report it to security@readfort.com. We take all reports seriously and will respond within 48 hours. We ask that you give us reasonable time to address the issue before any public disclosure.