Security

• Supabase email/password authentication and session management.
• Row-level security and workspace membership checks for application data.
• Stripe-hosted checkout and billing portal so GlideForge does not handle full card details.
• Server-side AI calls so API keys are not exposed to browsers.
• Provider-managed encryption, network security, access controls, and deployment protections.
• Transactional security emails for account and password changes where configured.

• Use a strong, unique password.
• Keep account access limited to authorised users.
• Avoid uploading secrets, credentials, production passwords, API keys, or unnecessary personal data.
• Review generated output before applying it to customer systems.

Report suspected vulnerabilities, account compromise, or data exposure to support@glideforge.co.uk. Include enough detail to reproduce the issue and avoid accessing, changing, deleting, or downloading data that is not yours.

If we identify a security incident affecting personal data, we will investigate, take appropriate containment steps, and notify affected users or regulators where required by law.