Security

Security Overview

A high-level overview of how Recala approaches hosting, access control, incident handling, and service hardening during the MVP phase.

Last updated: April 2, 2026

This page is a trust overview, not a contractual SLA or a full security whitepaper. It should be expanded before enterprise procurement.

Platform Controls

  • Authentication and protected workspace access are handled through Supabase.
  • The public marketing surface is separated from authenticated portal routes.
  • Hosted delivery is managed through Netlify and managed cloud services rather than self-hosted public infrastructure.

Data Handling

  • Data in transit relies on HTTPS and provider-managed TLS.
  • Operational data is stored in managed infrastructure rather than local browser storage where avoidable.
  • Connected CMS publishing is performed only after explicit workspace setup and authorization.

Access and Change Management

Recala follows least-privilege principles for operational access and uses version-controlled deployments. Security improvements, dependency updates, and reliability fixes are applied as part of normal engineering work.

Incident Response

If Recala identifies a material security event affecting customer data or service integrity, impacted customers will be informed through the appropriate support or account channel with available remediation guidance.

MVP Limitations

Formal penetration tests, dedicated SLAs, subprocessor lists, and enterprise procurement artifacts are not yet published on this website. Those should be added before broader enterprise rollout.