AI Skill Blueprint

Security

This page is maintained by DATACRUX INSIGHTS PRIVATE LIMITED and describes controls that are currently enabled in the product. It is not a certification or independent audit.

Encryption in transit

All traffic to the Service is served over HTTPS with modern TLS. Payment traffic to Razorpay is protected end-to-end.

Encryption at rest

Application data is stored in a managed Postgres database that encrypts data at rest by default. Invoice PDFs are stored in a private object bucket accessible only via short-lived signed URLs.

Row-level security

Every user-facing table has Row-Level Security enabled. Users can access only their own rows; admin access is scoped through a dedicated user_roles table checked in every policy.

Authentication

Sign-in with email + password and Google OAuth is supported. Passwords are salted and hashed by our managed auth provider — we never see them in plain text.

Verified webhooks

Razorpay webhooks are verified with HMAC-SHA256 signatures using a shared secret. Requests with an invalid signature are rejected before any database write.

Least-privilege service credentials

API keys and payment secrets are stored as server-side environment variables. Publishable keys are the only credentials exposed to browsers.

Shared responsibility

Security is a shared responsibility between DataCrux, our sub-processors, and you. DataCrux is responsible for the security of the Service (infrastructure, application, and access controls). You are responsible for security in the Service — keeping your credentials safe, using unique passwords, and reviewing who has access to your account.

Report a vulnerability

Email support@datacruxinsights.com with subject Security. Please include reproduction steps, affected URLs, and any PoC. We ask that you do not publicly disclose an issue before we’ve had a reasonable opportunity to investigate and remediate.