Security and data protection.
Veridat is designed for teams that handle sensitive commercial information: evidence files, claim records, and approval history that carry legal and regulatory weight. Every security decision reflects that context.
Data isolation
Veridat is designed around workspace isolation. Server-side access checks scope claim, evidence, and approval requests to the authenticated user's workspace membership before data is returned.
Evidence storage
Uploaded evidence files are stored in a private Supabase Storage bucket and served through authenticated application routes that validate workspace membership before returning file content.
Authentication
Veridat supports email/password authentication and configured OAuth providers such as Google and GitHub. Sessions are managed server-side, and password reset tokens expire after 24 hours.
Security headers
Veridat applies baseline response headers including X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. A stricter Content Security Policy is planned before paid launch.
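A security or procurement team can check the header baseline described above from the outside. The following is an added example, not Veridat's code: it audits a response for the four named headers and reports whether a Content Security Policy is set. The accepted values, function names, and sample response are assumptions constructed for illustration.

```python
# Accepted values per header are this example's assumptions, not Veridat's configuration.
ACCEPTED = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
    "referrer-policy": {"no-referrer", "same-origin", "strict-origin",
                        "strict-origin-when-cross-origin"},
}

def parse_headers(raw_response):
    """Map lowercase header name -> list of values, keeping duplicates."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw_response):
    """Return {header: finding} for the four baseline headers plus CSP."""
    headers = parse_headers(raw_response)
    findings = {}
    for name, accepted in ACCEPTED.items():
        values = headers.get(name, [])
        if len(values) != 1:
            # A repeated header is ambiguous, so it is reported for manual review.
            findings[name] = "missing" if not values else "duplicate"
            continue
        token = values[0].lower()
        if name == "referrer-policy":
            # A fallback list is allowed; this check judges the last listed policy.
            token = token.split(",")[-1].strip()
        findings[name] = "ok" if token in accepted else "weak: " + values[0]
    policy = headers.get("permissions-policy", [])
    findings["permissions-policy"] = "ok" if any(policy) else "missing"
    # The page says a stricter CSP is planned, so absence is reported, not failed.
    csp = headers.get("content-security-policy", [])
    findings["content-security-policy"] = "present" if csp else "not set"
    return findings

# Constructed sample response, not captured from any real deployment.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: unsafe-url\r\n"
    "Permissions-Policy: camera=(), microphone=()\r\n"
    "\r\n"
)
```

Calling `audit(SAMPLE)` marks the constructed `Referrer-Policy: unsafe-url` value as weak and reports the Content Security Policy as not set.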
Veridat is currently in beta. Formal security certifications (SOC 2, ISO 27001) are on our roadmap. If you have specific security requirements for enterprise evaluation, contact us.
Questions about security or enterprise requirements?
We're happy to discuss our security posture, data handling practices, and roadmap with your security or procurement team.