Security

1. Our Commitment to Security

At Expirely, we take the security of your data seriously. We implement industry-standard security measures to protect your grant applications, documents, and personal information.

2. Data Encryption

We use encryption to protect your data:

• All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Passwords are hashed using industry-standard algorithms
• Sensitive data is encrypted at rest in our database

3. Authentication & Access Control

We protect your account with:

• Secure authentication powered by Supabase
• Multi-tenant data isolation ensuring organizations can only access their own data
• Row-Level Security (RLS) policies at the database level
• Session management with automatic timeout

4. Infrastructure Security

Our infrastructure is built on secure, industry-leading platforms:

• Hosted on Vercel with automatic HTTPS and DDoS protection
• Database managed by Supabase (Neon PostgreSQL) with built-in security features
• Regular security updates and patches
• Automated backups and disaster recovery

5. Document Storage

Your grant documents are stored securely:

• Private Supabase Storage bucket with strict access policies
• Server-side signed URLs for secure downloads
• Organization-level access verification
• No direct client access to stored files

6. Payment Security

We never store your payment information:

• All payments processed securely through Stripe
• PCI compliance handled by Stripe
• We only store subscription status, never card details

7. Monitoring & Incident Response

We actively monitor our systems for security threats and maintain an incident response plan to quickly address any security issues.

8. Report a Security Issue

If you discover a security vulnerability, please email us immediately at security@expirely.co. We take all reports seriously and will respond promptly.

9. Questions

For questions about our security practices, please contact us.