Security
Last updated: June 28, 2026
Important Notice
CivilSense is decision-support intelligence — not a primary alerting or dispatch system. Do not use this platform as a sole source for life-safety decisions, emergency response coordination, or regulatory compliance. Always verify against official sources (FEMA, NWS, state/local emergency management) before operational use.
1. Platform Purpose and Limitations
CivilSense ingests public federal data (USGS, NOAA, NASA FIRMS, FEMA, NIFC) and applies modeling algorithms to produce hazard assessments, consequence zone estimates, and analytical outputs. All outputs are modeled estimates derived from public data — not observed conditions.
2. Infrastructure and Hosting
- Hosted on Vercel (edge network, US regions)
- Database: Supabase (PostgreSQL on AWS, SOC 2 Type II certified)
- Cache and rate limiting: Upstash Redis
- Error monitoring: Sentry
- Payment processing: Stripe (PCI DSS Level 1)
- DNS and CDN: Vercel Edge Network
3. Data Handling
3.1 Data in Transit
All data is transmitted over TLS 1.2 or higher. No plaintext communication channels are used for any user data or API traffic.
3.2 Data at Rest
3.3 Incident Data Handling
3.4 User Data Handling
See our Privacy Policy for comprehensive details on personal data collection, use, retention, and deletion.
4. Tenant Isolation and Access Control
4.1 Row-Level Security
Every table containing user data is protected by PostgreSQL Row-Level Security (RLS) policies. Users can only access their own saved locations, portfolios, triggers, and alert configurations through the application layer. RLS is enforced at the database level — not the application level — providing defense-in-depth against application bugs.
4.2 Authentication
Authentication is handled by Supabase Auth using magic links (email-based, passwordless). No passwords are stored. Session tokens are short-lived JWTs validated on every API request.
4.3 API Authentication
Worker routes (cron-triggered data ingestion) authenticate via a shared secret (CRON_SECRET) in the Authorization header. User-facing API routes authenticate via Supabase JWT. All server-side secrets are stored in encrypted environment variables and never exposed to client-side code.
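One way a worker route could check the CRON_SECRET described in 4.3, shown as an added example that is not CivilSense's own code: the comparison runs in constant time and the check fails closed when the secret is unset. The Bearer scheme, the 32-character minimum, the function names and the sample values are assumptions.

```javascript
// Added example: fail-closed, constant-time check for a cron worker route.
const crypto = require("node:crypto");

const MIN_SECRET_LENGTH = 32; // assumed policy floor, not stated on the page

// Hash both sides so timingSafeEqual always receives equal-length buffers
// and comparison time does not depend on the presented value's length.
function digest(value) {
  return crypto.createHash("sha256").update(value, "utf8").digest();
}

// `authorizationHeader` is the raw header value (assumed "Bearer <secret>");
// `secret` is what the server loaded from CRON_SECRET. Returns { ok, reason }.
function verifyCronAuthorization(authorizationHeader, secret) {
  // An unset or weak secret must never become a value a caller can match.
  if (typeof secret !== "string" || secret.length < MIN_SECRET_LENGTH) {
    return { ok: false, reason: "server-misconfigured" };
  }
  if (typeof authorizationHeader !== "string") {
    return { ok: false, reason: "missing-header" };
  }
  const match = /^Bearer ([\x21-\x7e]+)$/.exec(authorizationHeader);
  if (!match) return { ok: false, reason: "malformed-header" };
  const equal = crypto.timingSafeEqual(digest(match[1]), digest(secret));
  return equal ? { ok: true, reason: "ok" } : { ok: false, reason: "bad-secret" };
}

// 500 for a server-side fault, 401 for any rejected caller.
function statusFor(result) {
  if (result.ok) return 200;
  return result.reason === "server-misconfigured" ? 500 : 401;
}

// Constructed sample values, not real credentials.
const SAMPLE_SECRET = "constructed-sample-secret-0123456789abcdef";
const samples = [
  ["Bearer " + SAMPLE_SECRET, SAMPLE_SECRET], // valid request
  ["Bearer anything", undefined],             // CRON_SECRET not configured
  ["Bearer wrong-value", SAMPLE_SECRET],      // wrong secret
  [SAMPLE_SECRET, SAMPLE_SECRET],             // scheme missing
  [undefined, SAMPLE_SECRET],                 // header missing
];
for (const [header, secret] of samples) {
  const result = verifyCronAuthorization(header, secret);
  console.log(statusFor(result), result.reason);
}
```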
4.4 Rate Limiting
All API endpoints are rate-limited via Upstash Redis. Limits vary by subscription tier. Rate limit headers are included in all API responses. Persistent abuse results in temporary IP blocks.
5. Security Headers and Browser Protection
- Content Security Policy (CSP) — restricts script/style/image sources
- HTTP Strict Transport Security (HSTS) — enforces HTTPS
- X-Frame-Options: DENY — prevents clickjacking
- X-Content-Type-Options: nosniff
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy — restricts browser API access
6. Backup and Recovery
7. Audit and Compliance
7.1 Audit Logging
Alert delivery events are logged in an audit table with SHA-256 hashed user identifiers (not raw user IDs). Audit logs are retained for 2 years. API usage logs are retained for 90 days. Server request logs (including IP addresses) are retained for 30 days.
7.2 Compliance Posture
8. Security Incident Response
See Privacy Policy — Data Breach Notification for our notification commitments.
9. Responsible Disclosure
If you discover a security vulnerability in CivilSense, please report it to security@civilsense.io. We ask that you:
- Do not publicly disclose the vulnerability before we have addressed it
- Provide sufficient detail to reproduce the issue
- Do not access, modify, or delete other users' data
- Do not perform denial-of-service testing
We will acknowledge receipt within 48 hours and provide a resolution timeline within 5 business days.
10. Contact
For security-related questions or reports:
- Security: security@civilsense.io
- Privacy: privacy@civilsense.io
- Legal: legal@civilsense.io