Security

Last updated: March 2026

Reporting Vulnerabilities

If you discover a security vulnerability in Bridge AI, please report it responsibly. We take all security reports seriously and will respond within 48 hours.

Email: security@bridgeai.app

Subject line: [SECURITY] Brief description

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information (optional)

We ask that you do not publicly disclose the vulnerability until we have had a chance to address it.

What We Do to Keep You Safe

  • All data encrypted in transit (HTTPS/TLS)
  • All data encrypted at rest (Supabase AES-256)
  • Authentication handled by Supabase Auth
  • No passwords stored — handled by Supabase
  • Payments handled by Stripe (PCI DSS Level 1)
  • Documents processed by OpenAI — not stored permanently
  • Regular dependency security audits
  • EU data residency (Supabase Ireland region)

Responsible Disclosure Policy

We follow a responsible disclosure model. Security researchers who report valid vulnerabilities in good faith will:

  • Receive acknowledgement within 48 hours
  • Be kept informed of our progress
  • Be credited in our security acknowledgements (if desired)

We will not take legal action against researchers acting in good faith.

Contact

security@bridgeai.app

Privacy PolicyTerms of ServiceSupport