Security Policy

How we protect your data

Last updated: November 21, 2025

This Security Policy describes Netrows' security program and the technical and organizational controls used to protect customer data from unauthorized use, access, disclosure, or theft and to safeguard the Netrows services. As security threats change, Netrows continues to update its security program and strategy to help protect customer data and the Netrows services. Netrows therefore reserves the right to update this Security Policy from time to time, provided that no update will materially reduce the overall protections stated in this Security Policy.

Security Program

Risk-based security framework

Netrows maintains a risk-based security assessment program. The framework for Netrows' security program includes administrative, organizational, and technical safeguards designed to protect the Netrows services and the confidentiality, integrity, and availability of customer data. The security program is intended to be appropriate to the nature of the Netrows services and to the size and complexity of Netrows' business operations.

Confidentiality

Contractual obligations and internal policies

All Netrows employees and contract personnel are bound by contractual agreements and Netrows internal policies that require them to maintain the confidentiality of customer data.

People Security

Security training and best practices

All Netrows employees must complete security and privacy training that covers Netrows security policies, security best practices, and privacy principles. All application passwords must be stored in a password manager, and each service must have its own unique password. Where available, two-factor authentication (2FA) must be enabled, preferably with a physical security key and otherwise with a 2FA application; SMS-based 2FA is not permitted.

Third Party Vendor Management

Vendor assessment and agreements

Vendor Assessment

Netrows may use third party vendors to provide certain services. Netrows carries out a security risk-based assessment of prospective vendors before working with them to validate they meet Netrows security requirements.

Vendor Agreements

Netrows enters into written agreements with all of its vendors which include confidentiality, privacy, and security obligations that provide an appropriate level of protection for customer data that these vendors may process.

Hosting Architecture and Data Segregation

Enterprise-grade infrastructure

Vercel Edge Network

The Netrows services are hosted on Vercel Edge Network with global CDN distribution. Customer data transmitted through Vercel is encrypted in transit using TLS 1.3. Vercel provides automatic DDoS protection and enterprise-grade security. More information about Vercel security is available at https://vercel.com/docs/security.

Supabase (PostgreSQL)

The Netrows database is hosted on Supabase, a SOC 2 Type II certified platform. Customer data stored within Supabase is encrypted at rest using AES-256 encryption. Supabase does not have access to unencrypted customer data. More information about Supabase security is available at https://supabase.com/docs/guides/platform/security.

Databases

Databases are not open to the world: only connections from authorized Netrows services are allowed, and any connection from a disallowed IP address is rejected. Where possible, data is pseudonymized. OAuth and refresh tokens are stored encrypted using the AES-256-CBC algorithm. Passwords are stored hashed using bcrypt with cost factor 10. API keys are hashed using bcrypt before storage.

Services

For the Netrows services, all network access between production hosts is restricted, using access control lists to allow only authorized roles to interact in the production network. Access control lists are in use to manage network segregation between different security zones in the production and corporate environments. Access control lists are reviewed regularly.

Security by Design

Proactive security measures

Netrows follows security by design principles when designing its services. This includes internal security reviews before new services or code are deployed, penetration tests of new services by independent third parties, and regular scans to detect potential security threats and vulnerabilities.

Access Controls

Least privilege and role-based access

Provisioning Access

To minimize the risk of data exposure, Netrows follows the principle of least privilege through a role-based access control (RBAC) model when provisioning system access. An employee's access to customer data is promptly removed upon termination of their employment. To access the production environment, an authorized user must have a unique username and password and multi-factor authentication enabled. Netrows logs high-risk actions and changes in the production environment. By default, links that carry data (password reset, email change, email validation, etc.) are encrypted using the AES-256-CBC algorithm. We use automation to detect deviations from our internal technical standards, including malicious usage.

Password Controls

Users cannot create an account on Netrows with a password that appears in the haveibeenpwned.com compromised-password database. All passwords are hashed using bcrypt with cost factor 10 before storage.

Row Level Security (RLS)

All database tables implement Row Level Security (RLS) policies to ensure users can only access their own data. Database-level access control provides an additional layer of security beyond application-level checks.
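An added example of the pattern described above, not Netrows' own schema: a hypothetical api_calls table on Supabase (PostgreSQL) locked down with RLS so that each authenticated user can read and insert only rows carrying their own user id. The table and column names are assumptions; auth.uid() is Supabase's helper that returns the caller's user id from the request JWT.

```sql
-- Added example, not Netrows' own schema. Hypothetical audit table whose rows
-- each belong to one user; auth.uid() is Supabase's helper that returns the
-- caller's user id from the request JWT.
create table public.api_calls (
  id         bigint generated always as identity primary key,
  user_id    uuid not null references auth.users (id) on delete cascade,
  endpoint   text not null,
  created_at timestamptz not null default now()
);

-- Enable RLS. Once enabled, a table with no policies returns no rows to
-- ordinary roles, so every permitted access must be granted explicitly.
alter table public.api_calls enable row level security;

-- Read: only rows whose user_id equals the caller's id are visible, even if
-- application code forgets to add a WHERE clause.
create policy "api_calls_select_own"
  on public.api_calls
  for select
  to authenticated
  using (auth.uid() = user_id);

-- Write: a row may only be inserted with the caller's own user_id; WITH CHECK
-- rejects an insert that names another user.
create policy "api_calls_insert_own"
  on public.api_calls
  for insert
  to authenticated
  with check (auth.uid() = user_id);

-- No update or delete policy is defined, so audit rows are immutable for users.
-- Caveat: Supabase's service_role bypasses RLS, so code running with that key
-- still needs its own application-level authorization checks.

-- Check from the SQL editor: impersonate a user (constructed id) and confirm
-- that an unfiltered query returns only that user's rows.
begin;
  set local role authenticated;
  set local request.jwt.claims to '{"sub": "00000000-0000-0000-0000-000000000001"}';
  select user_id, endpoint from public.api_calls;
rollback;
```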

Rate Limiting

API endpoints are protected with rate limiting (20 requests per minute per user account) to prevent abuse and ensure fair usage. Rate limits are enforced at the user level, not per API key.

Logs

The following logs of actions are stored:

  • On Vercel, every HTTP request is logged;
  • Every API call is stored in the database with full audit trail;
  • Every sensitive user action is stored in the database;
  • Every admin action is stored in the database.

Vulnerability Management

Proactive security measures

Netrows maintains controls to mitigate the risk of security vulnerabilities by using third-party tools to scan Netrows' infrastructure and systems for vulnerabilities on a regular basis. Critical software patches are evaluated, tested, and applied proactively. Dependencies are updated regularly for security patches, and automated vulnerability scanning is performed on every deployment.

Customer Data Backups

Automated backup and recovery

Netrows performs the following backups of its data:

  • On-site backups (managed by Supabase, performed daily), encrypted at rest with the Advanced Encryption Standard (AES-256) (further information is available at https://supabase.com/docs/guides/platform/backups);
  • Point-in-time recovery (PITR) enabled for database restoration to any point within the last 7 days;
  • API response archives stored in Supabase Storage, encrypted at rest via AES-256.

Encryption

Data protection in transit and at rest

Data in Transit

All data transmitted between clients and Netrows services is encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol. This ensures that all API requests, responses, and authentication tokens are protected from interception.

Data at Rest

All customer data stored in our database is encrypted at rest using AES-256 encryption. API keys are hashed using bcrypt with cost factor 10 before storage. OAuth and refresh tokens are encrypted using the AES-256-CBC algorithm. Sensitive data is never stored in plain text.

Payment Security

PCI-DSS compliant payment processing

Netrows uses Stripe, a PCI Level 1 certified payment processor, for all payment processing. We never store or have access to your payment card details. All payment information is handled directly by Stripe with 3D Secure authentication and automatic fraud detection via Stripe Radar.

Responsible Disclosure

Report security vulnerabilities

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

Email: security@netrows.com

Please include detailed steps to reproduce the issue. We commit to:

  • Respond within 24 hours
  • Keep you informed of our progress
  • Credit you in our security acknowledgments (if desired)

Compliance & Certifications

Industry standards and regulations

Netrows complies with industry standards and regulations:

  • GDPR Compliant: EU data protection regulation
  • SOC 2 Type II: via Supabase infrastructure
  • PCI-DSS Level 1: via Stripe payment processing
  • ISO 27001: information security management

For questions about our security practices, please contact us at security@netrows.com.