Security

• HTTPS enforced (HSTS preload).
• Strict Content Security Policy with allow-listed origins.
• Auth via Supabase with email + OAuth (Google, GitHub).
• Database protected with Row-Level Security; service role isolated to server.
• Stripe Checkout - no card data ever touches our servers.
• Signed, short-TTL download links from a private bucket.

Report security issues responsibly to security@dnatechnology.ca.