Security
Last updated: April 6, 2026
1. Our Commitment
CAD Guardian LLC is committed to maintaining reasonable security controls to protect personal information and Platform integrity. This page describes our actual security practices, not a guarantee of absolute security.
2. Infrastructure Security
- Hosting: Deployed on Vercel's secure, distributed infrastructure with automatic HTTPS/TLS encryption.
- Database: Postgres database hosted by Supabase with encryption at rest and in transit.
- Access: Administrative database access requires service-role keys, which are held server-side only and never exposed to client-side code.
3. Authentication & Authorization
- Admin auth: Email-based authentication via Supabase Auth with secure session tokens.
- Email allowlist: Admin access restricted to pre-approved email addresses.
- Row-level security (RLS): Database policies enforce minimum-privilege access; authenticated users cannot read other users' data.
4. Application Security
- HTTPS/TLS: All traffic encrypted in transit.
- Rate limiting: Public API routes throttled to prevent abuse and denial-of-service attacks.
- Input validation: All form submissions validated and sanitized server-side.
- CORS: Cross-origin requests restricted to authorized domains.
- CSP: Content Security Policy headers restrict inline scripts and external resource loading.
5. Data Protection
- Minimal data collection: We collect only information necessary to operate the Platform.
- Retention limits: Personal data is deleted after retention periods specified in our Privacy Policy.
- Sensitive data: Passwords are hashed by Supabase Auth; payment card data never touches our servers (delegated to Stripe).
6. Third-Party Review
We use industry-standard services (Supabase, Vercel, Stripe, MailerLite) that undergo regular security audits and comply with SOC 2 or similar frameworks. Review their security documentation for specifics.
7. Security Headers
We implement HTTP security headers to protect against common vulnerabilities:
- Strict-Transport-Security (HSTS): Enforces HTTPS.
- X-Content-Type-Options: Prevents MIME-sniffing attacks.
- X-Frame-Options: Mitigates clickjacking by controlling whether the site may be embedded in a frame.
- Referrer-Policy: Controls referrer exposure.
- Permissions-Policy: Restricts browser feature access.
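As an added illustration (not CAD Guardian's own code), the following script audits a response's headers against the policy listed above; the one-year HSTS threshold, the accepted Referrer-Policy values and the sample header sets are this example's assumptions.

```javascript
// Added example (not CAD Guardian's code): audit a response's headers against
// the header policy listed above. Thresholds, allowed values and sample
// headers are this example's assumptions.
const SAFE_REFERRER = new Set(["no-referrer", "same-origin", "strict-origin",
  "strict-origin-when-cross-origin"]);

// headers: object of header name -> value; names are matched case-insensitively.
// Returns a list of findings; an empty list means the policy is satisfied.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];
  // HSTS present with a max-age of at least one year (assumed threshold).
  const hsts = h["strict-transport-security"] || "";
  const maxAge = /max-age=(\d+)/i.exec(hsts);
  if (!hsts) findings.push("missing Strict-Transport-Security");
  else if (!maxAge || Number(maxAge[1]) < 31536000) findings.push("HSTS max-age below one year");
  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff")
    findings.push("X-Content-Type-Options is not nosniff");
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN")
    findings.push("X-Frame-Options missing or not DENY/SAMEORIGIN");
  if (!SAFE_REFERRER.has((h["referrer-policy"] || "").toLowerCase()))
    findings.push("Referrer-Policy missing or leaks full URL cross-origin");
  if (!h["permissions-policy"]) findings.push("missing Permissions-Policy");
  // CSP present, and its script-src must not allow inline scripts.
  const csp = h["content-security-policy"];
  if (!csp) findings.push("missing Content-Security-Policy");
  else {
    const scriptSrc = csp.split(";").map((d) => d.trim()).find((d) => d.startsWith("script-src"));
    if (!scriptSrc) findings.push("CSP has no script-src directive");
    else if (scriptSrc.includes("'unsafe-inline'")) findings.push("CSP script-src allows 'unsafe-inline'");
  }
  return findings;
}

// Constructed samples: one response that satisfies the policy, one that does not.
const COMPLIANT_HEADERS = {
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
  "Content-Security-Policy": "default-src 'self'; script-src 'self'",
};
const WEAK_HEADERS = {
  "Strict-Transport-Security": "max-age=300",
  "X-Frame-Options": "ALLOW-FROM https://example.invalid",
  "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
};
```

Running the audit over the weak sample reports six findings, while the compliant sample reports none.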
8. Vulnerability Disclosure
If you discover a security vulnerability, please report it responsibly to:
Email: gvosmith.ent@gmail.com
Please include a detailed description of the vulnerability and steps to reproduce. We will investigate and respond within 30 days.
Do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them.
9. Limitations
Security is an ongoing process. We make no guarantee of uninterrupted availability or absolute protection against all attacks. Users are responsible for maintaining strong passwords, secure devices, and protecting their own information.
10. Updates
We continuously monitor and improve security practices. Material changes to security measures will be documented here.
© 2026 CAD Guardian LLC. All rights reserved.