Security at Interstrata
We build accountability infrastructure. That means our security posture has to be demonstrable, not just asserted. This page describes what we do, not what we aspire to.
Last updated: April 2026
Overview
Interstrata provides accountability infrastructure for AI agents, autonomous systems, and enterprise workflows. Security is foundational to that mission. Every claim on this page is backed by our actual implementation, not a roadmap.
Infrastructure security
The foundation everything else runs on.
SOC 2 Type II Certified Infrastructure
Interstrata is hosted on Supabase's SOC 2 Type II audited cloud platform. Platform-level controls, audit cadence, and trust service criteria are inherited from the underlying infrastructure.
AES-256 Encryption at Rest
All stored data is encrypted with AES-256 at the database level. Trust events, incident binders, and custody records are encrypted at rest without exception.
TLS 1.2+ In Transit
Every connection is encrypted end-to-end. TLS 1.0 and 1.1 are disabled. All API endpoints enforce HTTPS.
Automated Daily Backups
Point-in-time recovery across all environments, managed by the underlying platform. Backup integrity is verified automatically.
24/7 Infrastructure Monitoring
Platform-level monitoring by Supabase's operations team. Alerting on anomalous access patterns, resource exhaustion, and service degradation.
Application security
How we protect data in the product layer.
Row-Level Security on Every Table
Database-enforced tenant isolation. Not application-level, database-level. Cross-tenant access is structurally prevented by PostgreSQL policies that execute before any query returns data.
Edge Function Isolation
Each API endpoint runs in its own sandboxed Deno runtime. No shared server state between tenant contexts. Functions are stateless and ephemeral.
Deny-by-Default Access Control
All capabilities default to denied. Access requires an explicit grant for user permissions, API access, and internal service-to-service calls. This is the same capability model we build into the product.
Zero Client-Side PII
No personally identifiable information is written to client-side storage beyond scoped, short-lived session tokens. Widgets are display-only.
Full Audit Trail
Every write operation in production is logged with a timestamped, hash-chained record. Audit records are stored separately and are not modifiable by application-layer operations. This is the same Trust Substrate primitive we sell.
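How a timestamped, hash-chained record makes edits, deletions and truncation detectable, as an added example that is not Interstrata's code. The record fields, SHA-256, the canonical JSON encoding, the all-zero genesis value and every function name are assumptions, and the sample records are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first record links to


def record_hash(prev_hash, timestamp, payload):
    """Hash the previous link together with a canonical encoding of this record."""
    body = json.dumps({"prev": prev_hash, "ts": timestamp, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain, timestamp, payload):
    """Append a record linked to the current tail of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "ts": timestamp, "payload": payload,
                  "hash": record_hash(prev, timestamp, payload)})


def verify(chain, expected_head=None):
    """Return the index of the first bad record, or None if the chain is intact.

    expected_head is a tail hash kept outside the log. Without it, records
    removed from the end go unnoticed. A head mismatch returns len(chain).
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev:
            return i  # link broken: a record was removed, reordered or re-hashed
        if rec["hash"] != record_hash(rec["prev"], rec["ts"], rec["payload"]):
            return i  # contents no longer match the stored hash
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def sample_chain():
    """Constructed sample records, not real audit data."""
    chain = []
    append(chain, "2026-04-01T10:00:00Z", {"op": "insert", "table": "events", "id": 1})
    append(chain, "2026-04-01T10:00:05Z", {"op": "update", "table": "events", "id": 1})
    append(chain, "2026-04-01T10:01:00Z", {"op": "delete", "table": "events", "id": 1})
    return chain
```

The chain only detects changes when the verifier compares against a head hash held where the log writer cannot reach it; otherwise the whole chain can be rewritten consistently.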
Reporting security issues
If you discover a potential security vulnerability in Interstrata systems, please report it to security@interstrata.ai. We review all security reports and respond to confirmed vulnerabilities within 48 hours.
We do not pursue legal action against good-faith security researchers who report vulnerabilities to us directly before public disclosure.