Security & data handling

AlitaBridge is built for B2B teams. Each customer organization has its own workspace; data is not shared across tenants.

Multi-tenant isolation

Organization membership controls access. API requests require authentication and a validated organization context. Database row-level security and application checks provide defense in depth.

Authentication

Sign-in uses Supabase Auth (GoTrue) with familiar email and OAuth flows. We do not store passwords in the AlitaBridge application layer.

Your content

Business Exposure settings, newsletter configuration, and drafts stay within your workspace. They are not published on the public marketing site. Admins control recipients, schedules, and send approval. Newsletter content is drawn from curated news and data sources — not ad-hoc public web browsing.

We do not use your content to train third-party foundation models.

Infrastructure

Our production environment uses TLS (HTTPS) for data in transit. We rely on encrypted storage from our cloud providers where supported, and we follow least-privilege practices for production credentials and service accounts. For a security questionnaire or DPA, contact us.