Security

SupahMation is designed for teams that need predictable agent execution without trading away control of their data. Security practices evolve with the product; this page summarizes our current approach.

Infrastructure

• Encrypted transport (TLS) for data in transit between clients and our APIs
• Secrets and API keys stored outside application code and rotated on a defined cadence
• Network isolation between public edge services and background workers where applicable
• Dependency and container scanning as part of our release process

Authentication and access

• JWT-based authentication for platform APIs with scoped workplace permissions
• Least-privilege access for internal operators and production systems
• Audit logging for sensitive actions such as billing changes and source connections

Data handling

Customer inputs and agent outputs are processed only to fulfill requests, provide support, and meet billing obligations. Retention windows depend on product settings and your agreement with us. See our Privacy Policy for more detail.

Abuse prevention

Public surfaces such as the waitlist use CAPTCHA and rate limiting to reduce automated abuse. Platform endpoints enforce authentication and usage limits.

Responsible disclosure

If you believe you have found a security vulnerability, please report it to security@supahmation.com. Include enough detail for us to reproduce the issue. We ask that you do not publicly disclose vulnerabilities until we have had a reasonable opportunity to remediate.

For enterprise security questionnaires or vendor reviews, contact our team.