Security
Per-tenant isolated databases, AES-256-GCM encrypted secrets, distributed rate limiting, and a complete audit log. Hypertab was built for AI agents — which means everything is signed, scoped, and logged by default.
Below is the full posture as of our most recent P0 hardening pass. Not marketing claims — actual implementation.
The eight pillars
Per-tenant isolated databases
Every customer signup provisions a dedicated Turso (libSQL) database. No shared tables, no row-level security gymnastics. Cross-tenant access is architecturally impossible — there is no shared connection pool.
AES-256-GCM encryption at rest for secrets
AI provider keys, API account auth headers, environment variables, and the per-tenant database tokens themselves are AES-256-GCM encrypted in storage. The encryption key is held in Cloudflare Workers secrets — never in source, never in logs.
Distributed rate limiting
Plan-tier rate limits are enforced per user_id via Cloudflare Durable Objects (RateLimiter). Free 100/min → Enterprise 50K/min. Falls back to in-memory only in local dev. Stops abuse without false-positiving honest traffic.
Comprehensive audit log
Every signup, key creation, key revocation, MCP tool call, and failed auth attempt is written to _ht_audit_log with actor, action, target, IP, timestamp, and details JSON. Exportable on Pro and above.
JWT verification (zero deps)
Supabase auth tokens are verified via HMAC-SHA256 using the Web Crypto API. No npm-package supply-chain risk. Token expiry, signature, and claims all validated before any DB call.
WebSocket auth at the connection layer
WebSocket connections are validated against the database — not just a prefix check. Stale or revoked tokens close the socket immediately.
Sandboxed user functions
User-supplied JavaScript (formula columns, custom functions) runs with restricted globals — no fetch, no globalThis escape, no DOM. Workers-for-Platforms isolation is the Phase 5 hardening.
Strict Content Security Policy
CSP, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, X-Frame-Options DENY, X-Content-Type-Options nosniff, Strict-Transport-Security with preload. No inline scripts on customer-facing pages without nonce.
Compliance roadmap
- SOC 2 Type 1: Q4 2026 (audit scheduled)
- SOC 2 Type 2: 2027
- GDPR / CCPA data subject rights: Live
- DPA available on request: Live
- HIPAA BAA: Enterprise, case by case
- ISO 27001: 2027
Reporting a vulnerability
Email security@hypertab.ai with details. We acknowledge within 24 hours, triage within 72 hours, and pay bounties for valid reports per our published policy. Please coordinate disclosure with us: no public disclosure before a fix is shipped.
FAQ
- Is Hypertab SOC 2 compliant?
  SOC 2 Type 1 audit is scheduled for Q4 2026. SOC 2 Type 2 follows in 2027. Until then, Enterprise customers can request our security questionnaire (CAIQ-Lite) and pen-test summary at hello@hypertab.ai.
- Where is data hosted?
  Customer data lives in Turso (libSQL) — primary region selectable at signup (us-east, us-west, eu-west, ap-south). Compute runs on Cloudflare Workers globally. AI provider calls hit your chosen provider directly (OpenAI, Anthropic, etc.) — Hypertab does not log prompt content or responses unless you opt in.
- Who can access my data?
  Only you and the team members you invite. Hypertab engineers cannot read customer database contents — we have admin access to provision databases and inspect schema, but row data is encrypted in transit and audit-logged on access. Any engineer-initiated read of customer data triggers an alert.
- How do I rotate or revoke API keys?
  Dashboard → API Keys → Revoke. Takes effect within 5 seconds globally (Cloudflare KV propagation). Rotated keys invalidate all in-flight MCP connections — agents will reconnect with the new key. All revocations are audit-logged.
- What happens if there is a breach?
  Per our incident response plan: customers affected are notified within 72 hours (GDPR Article 33 timeline), root cause is published in INCIDENTS.md within 7 days, and any compromised credentials are auto-rotated. We have not had a breach to date.
- Can I delete my data?
  Yes. Settings → Delete Account triggers full deletion of your Turso database, Workers state, audit logs older than the legal retention window (90 days for security logs), and all backups within 30 days. You receive a deletion certificate by email.