AI Skill Blueprint
Security
This page is maintained by DATACRUX INSIGHTS PRIVATE LIMITED and describes controls that are currently enabled in the product. It is not a certification or independent audit.
Encryption in transit
All traffic to the Service is served over HTTPS with modern TLS. Payment traffic to Razorpay is protected end-to-end.
Encryption at rest
Application data is stored in a managed Postgres database that encrypts data at rest by default. Invoice PDFs are stored in a private object bucket accessible only via short-lived signed URLs.
Row-level security
Every user-facing table has Row-Level Security enabled. Users can access only their own rows; admin access is scoped through a dedicated user_roles table checked in every policy.
Authentication
Sign-in with email + password and Google OAuth is supported. Passwords are salted and hashed by our managed auth provider — we never see them in plain text.
Verified webhooks
Razorpay webhooks are verified with HMAC-SHA256 signatures using a shared secret. Requests with an invalid signature are rejected before any database write.
Least-privilege service credentials
API keys and payment secrets are stored as server-side environment variables. Publishable keys are the only credentials exposed to browsers.
Shared responsibility
Security is a shared responsibility between DataCrux, our sub-processors, and you. DataCrux is responsible for the security of the Service (infrastructure, application, and access controls). You are responsible for security in the Service — keeping your credentials safe, using unique passwords, and reviewing who has access to your account.
Report a vulnerability
Email support@datacruxinsights.com with subject Security. Please include reproduction steps, affected URLs, and any PoC. We ask that you do not publicly disclose an issue before we’ve had a reasonable opportunity to investigate and remediate.
AI Skill Blueprint