Your data is protected at every layer
Atlas is built with security as a foundation, not an afterthought. From encrypted connections to row-level database security, we protect your prompts and data with enterprise-grade measures.
How Atlas is built
A modern, secure stack designed for reliability and performance
Frontend
Hosted on Vercel's edge network with automatic HTTPS, DDoS protection, and global CDN distribution for fast, secure access worldwide.
Database
PostgreSQL database hosted on Supabase in AWS us-east-2. Data encrypted at rest and in transit with automatic backups.
Authentication
Powered by Supabase Auth with secure session management, password hashing using bcrypt, and protection against leaked passwords.
Multiple layers of protection
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3. HTTPS is enforced on all connections with HSTS headers.
- TLS 1.3 encryption
- HSTS with 1-year max-age
- Automatic HTTP to HTTPS redirect
Encryption at Rest
Your data is encrypted when stored in our database using AES-256 encryption, the same standard used by banks and government agencies.
- AES-256 encryption
- Encrypted database backups
- Secure key management
Row-Level Security
Every database table has Row Level Security (RLS) policies that ensure users can only access data they're authorized to see.
- Enforced at database level
- Cannot be bypassed by application code
- Granular access control per user
Security Headers
Comprehensive HTTP security headers protect against common web vulnerabilities including XSS, clickjacking, and content injection.
- Content Security Policy (CSP)
- X-Frame-Options: DENY
- X-Content-Type-Options: nosniff
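As an added example (not Atlas's own code), the following JavaScript audits a set of response headers against the values stated under Encryption in Transit and Security Headers: a 1-year HSTS max-age, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, and an enforcing CSP. The function names, finding labels and sample header sets are assumptions constructed for illustration, and the 'unsafe-inline' check goes beyond what the page states.

```javascript
// Added example: audits response headers against the values this page states.
const ONE_YEAR = 31536000; // seconds; the page states a 1-year HSTS max-age

// Split a CSP into { directive: [values] }; the first occurrence of a directive wins.
function cspDirectives(csp) {
  const map = {};
  for (const part of csp.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in map)) map[key] = values.map((v) => v.toLowerCase());
  }
  return map;
}

function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const hsts = h['strict-transport-security'] || '';
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(hsts);
  if (!m) findings.push('hsts-missing-or-malformed');
  else if (Number(m[1]) < ONE_YEAR) findings.push('hsts-max-age-below-one-year');
  if ((h['x-frame-options'] || '').toUpperCase() !== 'DENY') findings.push('x-frame-options-not-deny');
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') findings.push('nosniff-missing');
  // A Report-Only policy is not enforced, so only the enforcing header counts.
  const csp = h['content-security-policy'];
  if (!csp) {
    findings.push('csp-not-enforced');
  } else {
    const d = cspDirectives(csp);
    const scriptSrc = d['script-src'] || d['default-src']; // script-src falls back to default-src
    if (!scriptSrc) findings.push('csp-no-script-restriction');
    else if (scriptSrc.includes("'unsafe-inline'") &&
             !scriptSrc.some((v) => /^'(nonce|sha(256|384|512))-/.test(v))) {
      findings.push('csp-unsafe-inline-scripts');
    }
  }
  return findings;
}

// Constructed sample header sets (not captured from Atlas).
const matchesPage = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Frame-Options': 'DENY', 'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
};
const weaker = { 'strict-transport-security': 'max-age=86400', 'x-frame-options': 'SAMEORIGIN',
  'Content-Security-Policy-Report-Only': "default-src 'self'" };
```

Calling auditSecurityHeaders on a live response's headers returns an empty list only when all four stated protections are present and enforced.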
Secure Authentication
Password authentication with industry best practices including secure hashing, rate limiting, and leaked password protection.
- bcrypt password hashing
- Leaked password detection (HaveIBeenPwned)
- Secure session tokens
Role-Based Access Control
Two-tier permission system ensures only authorized users can perform administrative actions like creating or editing prompts.
- Admin and User roles
- Admins: full CRUD on prompts
- Users: view, copy, and vote only
Who can access what
Clear permission boundaries enforced at the database level
| Action | Public | Users | Admins |
|---|---|---|---|
| View prompts | - | Yes | Yes |
| Copy prompts | - | Yes | Yes |
| Vote on prompts | - | Yes | Yes |
| Create prompts | - | - | Yes |
| Edit prompts | - | - | Yes |
| Delete prompts | - | - | Yes |
| View own profile | - | Yes | Yes |
| Edit own profile | - | Yes | Yes |
| View all users | - | - | Yes |
| Manage categories | - | - | Yes |
Built on trusted platforms
Vercel
Frontend Hosting
- Global edge network (100+ locations)
- Automatic SSL/TLS certificates
- DDoS protection included
- SOC 2 Type II compliant
Supabase
Database & Auth
- Hosted on AWS infrastructure
- Daily automated backups
- Point-in-time recovery available
- SOC 2 Type II compliant
How we keep Atlas secure
No Secrets in Code
All API keys and credentials are stored as environment variables, never committed to version control.
Minimal Permissions
The application uses the least-privileged API keys required. No service role keys are exposed to the client.
Input Validation
All user input is validated on both client and server using Zod schemas to prevent injection attacks.
Regular Updates
Dependencies are kept up to date to patch known vulnerabilities. Security updates are prioritized.
Error Monitoring
Application errors are tracked via Sentry, allowing us to quickly identify and resolve issues.
Audit Logging
User actions like voting and prompt usage are logged for accountability and debugging purposes.
Questions about security?
Security is an ongoing commitment. If you have questions or concerns about how we protect your data, please reach out to your administrator.