Security

Effective Date: April 13, 2026

Our Commitment

At SkyeInsight, security is foundational to our platform. We implement industry-standard practices and continuously monitor our systems to protect the confidentiality, integrity, and availability of our platform and your data.

Authentication & Access Control

  • Invite-only access: The Platform does not allow public registration. All accounts are provisioned by the administrator through a secure invitation process.
  • Secure authentication: Passwords are hashed using bcrypt. Authentication sessions are managed with industry-standard JSON Web Tokens (JWTs) and secure cookie handling.
  • Route protection: All application routes are protected by server-side middleware. Unauthorized requests are automatically redirected.
  • Session management: Sessions expire automatically after a defined period. Users can sign out at any time to invalidate their session.

Encryption

  • In transit: All communications between your browser and our servers are encrypted using TLS 1.3 (HTTPS). No unencrypted connections are permitted.
  • At rest: All stored data is encrypted with AES-256 at the infrastructure level.
  • Secrets management: API keys, database credentials, and other sensitive values are stored as encrypted environment variables on the server. They are never exposed in client-side code, version control, or application logs.

Data Protection

  • Anonymization: All personal identifiers in collected data are irreversibly anonymized using cryptographic hashing before storage.
  • Minimization: We collect only the minimum data necessary to provide our services.
  • Isolation: Client data and analytics sessions are logically isolated. Server-side API routes ensure that database queries are executed securely without exposing credentials to the client.

Infrastructure

Our platform is built on trusted, enterprise-grade infrastructure:

  • Application hosting: Vercel — serverless, edge-optimized deployment with automatic SSL certificate provisioning and DDoS protection.
  • Database: Supabase — managed PostgreSQL hosted on AWS with automated backups, encryption at rest, and row-level security capabilities.
  • AI processing: Google Cloud (Gemini) — enterprise-grade API with encrypted communication. Processed data is not retained by the provider for training purposes.

Monitoring

  • Automated safety signal scanning runs on a continuous schedule to detect and report potential adverse drug events.
  • FDA regulatory database monitoring runs every 20 minutes for Complete Response Letter detection.
  • Application performance and error monitoring is active across all services.

Incident Response

In the event of a security incident, we will:

  • Investigate and contain the incident as quickly as possible
  • Notify affected users within 72 hours of confirmed impact
  • Document the incident and implement measures to prevent recurrence
  • Cooperate with relevant authorities as required

Vulnerability Reporting

If you discover a potential security vulnerability, please report it to the Platform administrator immediately. We appreciate responsible disclosure and will work to address reported issues promptly.

Contact

For security-related inquiries, please contact the Platform administrator at Silverarc Media.