Security

How we protect your data

Planning tomorrow requires trust. Here’s how we keep your tasks, habits, and notes safe.

Infrastructure & hosting

Domani is hosted on Vercel and Supabase, both running in SOC 2 Type II audited data centres with redundant power, networking, and physical security.

Encryption

All traffic is forced over HTTPS/TLS 1.2+. Data at rest (tasks, notes, account info) is encrypted using AES-256. Secrets are stored in managed key stores, never in git.

Authentication & access

Password hashing uses bcrypt, and admin access requires hardware-backed MFA. Production data access is limited to a handful of engineers for support purposes only.

Monitoring & alerting

We log authentication attempts, configuration changes, and unusual API spikes. Pager alerts fire for availability regressions or suspicious behaviour.

Backups & resilience

Automated database backups run daily with 30-day retention. Disaster recovery procedures are rehearsed quarterly to ensure we can restore service quickly.

Incident response

If we detect a breach, customers are notified via email within 72 hours with remediation steps. We’ll share a full timeline and preventative actions.

Responsible disclosure

Security researchers can report vulnerabilities to security@domani.app. We review submissions within 48 hours and coordinate fixes with the reporter.

Need a security review or DPA?

Email security@domani.app for vendor questionnaires, penetration-test results, or to request a data processing agreement. You can also view our privacy policy.