UclevaUcleva

Security

Last updated: June 5, 2026

Security is a first-class concern at Ucleva. This page summarizes the controls that protect customer data.

Infrastructure

  • Hosted on hardened cloud infrastructure with isolated production environments.
  • Data encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Daily automated backups with point-in-time recovery.

Application security

  • Row-Level Security (RLS) enforced on every tenant-scoped table.
  • Two-tier admin model (company admin + team admin) with least-privilege roles stored separately from user profiles.
  • Server-side input validation and signed webhooks (HMAC-SHA512) for payment events.
  • Secrets managed via a sealed secret store; no credentials in source.

Access control

  • SSO-ready authentication with email + OAuth providers.
  • Internal access to production is restricted, audited, and requires MFA.

Monitoring & response

  • Continuous logging, anomaly detection, and uptime monitoring.
  • Documented incident response plan; affected customers notified without undue delay.

Responsible disclosure

Report vulnerabilities to security@ucleva.com. We acknowledge reports within 2 business days.