Your most sensitive data can stay on your machine.

Every byte in and out of Olto Discovery is encrypted and filtered at the network edge before it reaches application code.

• TLS 1.3 with TLS 1.2 fallback on all connections; HTTP is permanently redirected to HTTPS
• HTTP Strict Transport Security (HSTS) enabled with a one-year max-age and includeSubDomains
• Global edge network with DDoS absorption and anycast routing through our hosting provider
• Rate limiting on authentication, AI, and API endpoints to slow brute-force and abuse

A strict set of HTTP security headers constrains what the browser will execute, load, or expose.

• Content Security Policy (CSP) restricting scripts, styles, fonts, images, and connections to an explicit allowlist
• X-Frame-Options: DENY and frame-ancestors to prevent clickjacking
• X-Content-Type-Options: nosniff to block MIME-type confusion attacks
• Permissions-Policy disabling camera, microphone, geolocation, USB, and FLoC cohorts
• Referrer-Policy: strict-origin-when-cross-origin to limit referrer leakage

Identity is verified on every request, and credentials are protected with industry-standard cryptography.

• Passwords hashed with bcrypt using a per-user salt; plaintext passwords are never stored or logged
• Optional two-factor authentication (TOTP) with single-use recovery codes; when enabled, the second factor is enforced before any dashboard or API access — sessions that have not stepped up are redirected to the challenge (fail-closed)
• hCaptcha on sign-in and sign-up to slow automated abuse
• JWT-based sessions with short-lived access tokens and automatic secure refresh; "sign out everywhere" revokes every active session
• Session cookies are Secure and SameSite; a strict Content-Security-Policy and an explicit cross-origin CSRF/Origin check mitigate token theft and request forgery
• Per-account session-timeout controls and visible login history for anomaly review
• Sign-in records include IP and session and device metadata, surfaced to each user

Even with a valid session, every row of data is gated by database-enforced access policies, not just application logic.

• PostgreSQL Row-Level Security (RLS) enforced on every user table: isolation is checked at the database engine, not the app layer
• Default-deny posture: tables reject all access unless an explicit policy grants it
• Principle of least privilege: the anonymous role can read only explicitly public content
• SECURITY DEFINER database functions are pinned to a fixed search_path and revoked from public roles to prevent privilege escalation
• Private storage buckets scoped per user; uploads validated by MIME type and size

Stored data is encrypted on disk and in backups using strong, modern ciphers.

• AES-256 encryption at rest for the primary database and object storage, provided by our infrastructure platform
• Automated backups managed by our database provider; recovery options depend on the provider plan in effect
• Secrets and API keys stored in an encrypted environment vault, never committed to source control
• Cryptographic operations (hashing, digests) handled by vetted libraries (pgcrypto, bcrypt)

Security-relevant actions are recorded in an append-only audit log that user sessions cannot forge, alter, or delete.

• Append-only by design: users can read their own events through a scoped function but cannot insert, alter, or delete entries
• Audit entries are written only through a privileged server-side path (service role); a user session has no ability to forge or suppress them
• Authentication events, data mutations, and administrative actions are logged with actor, IP, user-agent, and timestamp
• Failed-sign-in and rate-limit events are recorded for review of brute-force and credential-stuffing patterns
• Audit data is retained and purged on a defined schedule