Security & Trust
How we protect your data and operate the platform.
Authentication & access
Email + password (12+ chars), Google OAuth, optional TOTP-based 2FA. Session and login history available to every user.
Data protection
Database-level Row-Level Security on every table. Encryption in transit (TLS 1.2+) and at rest. Defense-only policy: the platform is not used for offensive operations.
Hosting & data residency
EU hosting. GDPR-compliant. Data export (Art. 20) and account deletion (Art. 17) self-service.
Sub-processors
- Supabase (managed Postgres, auth, storage, edge functions): EU region
- Stripe (billing & payments)
- Resend (transactional email)
- Firecrawl (URL scanning for evidence capture)
Operational controls
Audit logging for admin actions. Rate limits on report submissions. Automated triage uses rule-based checks combined with LLM-assisted evaluation; final actions are reviewed by humans for company tier.
Reporting a vulnerability
Please email team@blackwall.report. See also our Responsible Disclosure policy.
