Security Posture
Ursara’s security architecture is designed to fail closed. We implement defense-in-depth across our entire stack.
Data protection & encryption
All customer data is encrypted both at rest and in transit. We implement strict data classification and handling procedures with purpose limitation controls.
At Rest
AES-256 encryption — All stored data is encrypted using this industry-standard algorithm, protecting data in our databases (Supabase) and file systems.
In Transit
TLS 1.3 encryption — All data transmitted between your browser and our servers is encrypted. We enforce HTTPS and implement HSTS headers.
Key Management
Azure Key Vault — Encryption keys are managed with strict rotation policies. Keys are never stored alongside encrypted data and access is tightly controlled.
Access control
We request only the minimum permissions needed to enable the functionality you want, with strict access controls and usage limitations. This principle of least privilege is fundamental to our security architecture.
MFA
Multi-factor authentication available and enforced for all internal users via Clerk.
SSO
SAML/SSO integration with your existing identity provider (Entra, Okta, Google).
RBAC & RLS
Role-based access control combined with strict database Row-Level Security.
Audit Logs
Comprehensive, immutable audit logging for all access and mutation events.
Infrastructure security
Our platform is hosted on Microsoft Azure, a leading cloud provider that maintains rigorous compliance certifications including SOC 2, ISO 27001, and more.
Physical & Network Defenses
- SOC 2 Data Centers: 24/7 physical security monitoring and biometric access controls.
- Network Isolation: Strict Virtual Private Cloud (VPC) segmentation and isolation between services.
- WAF & DDoS Protection: Edge network protection and Web Application Firewall powered by Vercel and Azure Front Door.