Security & Trust

Your proposals and client data are sensitive. ChaseNudge is built with security at every layer: from encrypted storage to secure email connections.

AES-256

Encryption for stored tokens

TLS 1.2+

All data encrypted in transit

OAuth 2.0

We never store your email password

Infrastructure & Data Protection

Hosting

ChaseNudge runs on Cloudflare Workers: a globally distributed edge network with built-in DDoS protection, automatic failover, and no single point of failure.

Database

All data is stored in Supabase (built on PostgreSQL) with Row Level Security (RLS) enforced. Every query is scoped to the authenticated user: no user can access another user's data.

Encryption at rest

OAuth tokens for connected email accounts are encrypted with AES-256 before storage. Database backups are encrypted. Stripe handles all payment card data: we never see or store card numbers.

Encryption in transit

All connections use TLS 1.2+ (HTTPS). Data between your browser, our servers, and third-party services is always encrypted in transit.

Authentication

User authentication is handled by Supabase Auth with secure, httpOnly cookies. Passwords are hashed with bcrypt. Google OAuth is supported for passwordless login.

Email connection security

We connect to your Gmail or Outlook via OAuth 2.0: we never ask for or store your email password. You can revoke access at any time from your email provider's security settings or from ChaseNudge.

Payment processing

Payments are processed entirely by Stripe, a PCI DSS Level 1 certified payment processor. ChaseNudge does not store, process, or transmit credit card information.

Access controls

Admin access to infrastructure is restricted and requires multi-factor authentication. Database access uses service role keys that are stored as encrypted environment secrets.

Data isolation

Each user's data is logically isolated via Supabase Row Level Security policies. API routes verify authentication before any data access.

Secrets management

All API keys, tokens, and secrets are stored as encrypted environment variables in Cloudflare Workers: never in source code or client-side bundles.

Third-Party Sub-processors

We only share data with services necessary to operate ChaseNudge. Each has appropriate data protection agreements in place.

Service | Purpose | Location
Supabase | Database, authentication | EU (Frankfurt)
Cloudflare | Hosting, CDN, DDoS protection | Global (SCCs in place)
Stripe | Payment processing | US/EU (PCI DSS Level 1, SCCs in place)
Google (Gmail OAuth) | Email sending on user's behalf | US (EU adequacy decision)
Microsoft (Outlook OAuth) | Email sending on user's behalf | US/EU (SCCs in place)

Compliance & Policies

Security Questions?

If you have security concerns or want to report a vulnerability, contact us at adam@chasenudge.com