Security
Enterprise-grade security for your code compilation
1. Infrastructure Security
Our infrastructure is designed for security from the ground up:
- Database Encryption: PostgreSQL databases hosted on Railway with encryption at rest (AES-256)
- TLS 1.3: All data in transit is encrypted using the TLS 1.3 protocol
- Isolated Environments: Each compilation runs in isolated Docker containers
- Network Security: Firewall rules and DDoS protection via Vercel and Railway
2. Authentication & Access Control
We implement industry-standard authentication mechanisms:
- Password Hashing: Bcrypt with salt for all user passwords
- JWT Tokens: Secure, expiring JSON Web Tokens for session management
- OAuth 2.0: Google and GitHub OAuth integration (coming soon)
- Rate Limiting: API rate limits to prevent abuse and brute-force attacks
3. Code Security
Your generated code is treated with the highest security standards:
- Static Analysis: All generated code goes through security scanning
- OWASP Compliance: We check for OWASP Top 10 vulnerabilities
- Dependency Scanning: Automated checks for vulnerable dependencies
- No Code Storage: Generated code is not permanently stored unless you deploy through us
4. Payment Security
All payments are processed through Stripe, a PCI DSS Level 1 certified payment processor. We never store your credit card information.
5. Compliance & Auditing
- GDPR Compliant: Full compliance with EU data protection regulations
- Regular Audits: Quarterly security audits and penetration testing
- Logging & Monitoring: Comprehensive logging for security events and anomaly detection
- Incident Response: 24/7 security monitoring and rapid response team
6. Reporting Security Issues
We take security seriously. If you discover a security vulnerability, please report it responsibly:
Email: security@orchesity.com
Please allow 48 hours for an initial response. We offer bug bounties for valid reports.
7. Contact Security Team
Email: support@orchesity.com
Phone: +1 (810) 351-7299