Security at Andru

You trust us with your go-to-market intelligence. Here's how we protect it.

Data Isolation

Database isolation: Row-Level Security (RLS) policies enforce tenant isolation at the database level. Every query is scoped to the authenticated user via auth.jwt(). Customers can only read and write their own data.
Session isolation: API-key-scoped sessions for CLI and MCP access. No shared state between customers. Each session creates an independent client bound to one user ID.
AI call isolation: Each AI call is independent. Customer data never appears in another customer's prompt context. No batching across customers.
Prompt injection defense: Customer-supplied text (product descriptions, competitor names) is wrapped in structural XML delimiters with explicit model instructions to treat enclosed content as data, not instructions. Adversarial injection testing covers 5 attack vectors including XML tag escape, template injection, and encoding bypass.

Encryption

In transit: TLS 1.2+ on all connections between clients, API, and third-party services.
At rest: AES-256 encryption. All customer data stored in Supabase PostgreSQL on AWS (us-east-1).
Secrets management: No hardcoded secrets in codebase. Gitleaks scanning with custom rules for platform-specific key patterns (Supabase JWT, Anthropic, Render). API response bodies scanned for accidentally leaked secrets before delivery.

Application Security

SQL injection prevention: All database queries use the Supabase SDK with parameterized queries. No raw SQL string concatenation. Row-Level Security provides a second layer of defense at the database level.
XSS prevention: Input sanitization middleware on both backend and frontend. Suspicious pattern blocking (script tags, event handlers, javascript: protocol). Content Security Policy (CSP) headers restrict script execution sources.
CSRF protection: SameSite cookie policy. CORS whitelist restricts origins to platform domains only. API authentication uses Bearer tokens and API keys, not cookies.
Security headers: Helmet middleware enforces: Content-Security-Policy, Strict-Transport-Security (HSTS, 1-year max-age, includeSubDomains), X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Referrer-Policy, Permissions-Policy.
Rate limiting: express-rate-limit on all backend API endpoints. Stricter limits on sensitive endpoints (auth, payment). MCP server rate limited at 100 requests per 15 minutes per API key. Rate limit events emitted to SIEM.

Authentication & Access

Authentication provider: Supabase Auth (built on GoTrue). Email/password with secure password requirements (minimum 8 characters, uppercase, lowercase, number, special character). OAuth support for third-party login.
Session management: JWT-based sessions with expiration. Refresh token rotation. Sessions invalidated on password change and account deletion.
API authentication: API key authentication for CLI and MCP access. Keys scoped to user ID with configurable permissions. Keys revocable via platform settings.
Admin access: Role-based access control. Admin operations require verified admin role. Non-admin users cannot access admin endpoints.

Backup & Disaster Recovery

Database backups: Supabase provides automated daily backups with point-in-time recovery (PITR). Backups encrypted at rest on AWS.
AI provider resilience: 4-provider failover chain (Anthropic, Google, Mistral, Together) with circuit breaker pattern (CLOSED/OPEN/HALF_OPEN). Final fallback to local algorithmic engines requiring no external API calls. Platform continues functioning even if all AI providers are unavailable.
Cache resilience: Backend gracefully degrades to in-memory mode if Redis is unavailable. Core functionality (assessments, API, authentication) continues without cache.
Audit trail: Structured request logging with correlation IDs across all services (backend, agent platform, MCP server). SIEM event stream for security events. Incident timeline tracking with fix attempt history.

AI Provider Data Handling

Primary provider: Anthropic (Claude API). Anthropic does not train on API data. Customer Content is classified as Customer's Confidential Information under Anthropic's Commercial Terms. Zero-retention API.
Fallback providers: Google (Gemini), Mistral, Together AI. Used only when primary provider is unavailable. Automatic failover chain with circuit breaker pattern.
Final fallback: Local algorithmic engines (ICP scoring, positioning, cost calculation). No external API calls. Customer data does not leave the platform.
Model training: No customer data is used to train, fine-tune, or improve any AI model — Andru's or any third party's.

Security Monitoring

SIEM pipeline: Real-time security event detection with automated containment actions. Events classified by severity (critical, high, medium, low, info) with alerting to dedicated security channels.
Database audits: Row-Level Security policy verification every 24 hours. Security header audit every 12 hours.
Dependency scanning: npm audit runs on every pull request. Critical and high-severity vulnerabilities block merge. Gitleaks secret scanning on every commit.
Uptime monitoring: Health checks every 15 minutes via automated workflow. Incidents auto-created on failure, auto-closed on recovery.
Output validation: Every customer-facing intelligence tool validates its output against Zod schemas before delivery. Schema violations emit security events for drift detection.

Incident Response

Classification: Three-tier system: MINOR (auto-fix via playbooks), MAJOR (AI-assisted diagnosis with autonomous resolution), CRITICAL (requires human approval before action).
Detection: Automated detection via 5 monitors (auth, UI, rate-limit, service-health, security). Real data from health endpoints, SIEM events, and dependency checks — not AI-imagined scenarios.
Resolution: 4 auto-fix playbooks (auth issues, UI rendering, rate limits, fallback services). Circuit breaker safety: max 3 fix attempts per incident, max 5 automated builds per hour.
Notification: Slack alerting with severity-based routing. Critical incidents require human approval with 30-minute auto-approve deadline.

Integration Permissions

Slack: Read and send messages in designated #andru channels only. No DM access. No message history access beyond channel scope.
Calendar (Google/Outlook): Read-only. Meeting titles and attendees for pre-call brief generation. No write access.
CRM: Read contacts and deals. Write meeting notes only. No bulk export or deletion capability.
CLI (andru-intel): No telemetry collected. No local file access. Only makes API calls when you explicitly invoke a tool. Local SQLite cache for offline mode stays on your device.
MCP Server: Same as CLI. Runs inside Claude Desktop or Cursor. Authenticates via API key per session. Rate limited at 100 requests per 15 minutes per key.

Account Deletion

Process: Settings → Account → Delete Account. 3-day grace period (cancel by logging in). After 3 days: permanent deletion cascade.
Scope: All customer data removed from all database tables: profiles, assessments, ICP data, pipeline runs, generated resources, API keys, usage logs, AI cost tracking. Stripe subscriptions cancelled. OAuth tokens revoked. Auth credentials permanently removed.
Cache data: Redis cache data expires automatically via TTL. Local MCP cache (SQLite on your device) is your responsibility.
Verification: Deletion cascade coverage verified by automated integration test. If a new table storing customer data is added, the test fails until the cascade is updated.

Compliance

Data Processing Agreement: Available on request. Covers: processing scope, sub-processor list, security measures, data subject rights, breach notification (72-hour timeline), data return and deletion.
GDPR: Right-to-erasure implemented via permanent deletion cascade. Data stored in US (AWS us-east-1). Standard Contractual Clauses available for EU customers.
CCPA: No sale of customer data. Deletion available via self-service or on request.
SOC 2: Technical controls in place. Certification on roadmap.
Sub-processors: Supabase (database, AWS US), Render (hosting, US), Anthropic (AI, US), Google/Mistral/Together (AI fallback), Stripe (payments), Resend (email), Netlify (frontend, no customer data).

Security at Andru

You trust us with your go-to-market intelligence. Here's how we protect it.

Data Isolation

Database isolation: Row-Level Security (RLS) policies enforce tenant isolation at the database level. Every query is scoped to the authenticated user via auth.jwt(). Customers can only read and write their own data.
Session isolation: API-key-scoped sessions for CLI and MCP access. No shared state between customers. Each session creates an independent client bound to one user ID.
AI call isolation: Each AI call is independent. Customer data never appears in another customer's prompt context. No batching across customers.
Prompt injection defense: Customer-supplied text (product descriptions, competitor names) is wrapped in structural XML delimiters with explicit model instructions to treat enclosed content as data, not instructions. Adversarial injection testing covers 5 attack vectors including XML tag escape, template injection, and encoding bypass.

Encryption

In transit: TLS 1.2+ on all connections between clients, API, and third-party services.
At rest: AES-256 encryption. All customer data stored in Supabase PostgreSQL on AWS (us-east-1).
Secrets management: No hardcoded secrets in codebase. Gitleaks scanning with custom rules for platform-specific key patterns (Supabase JWT, Anthropic, Render). API response bodies scanned for accidentally leaked secrets before delivery.

Application Security

SQL injection prevention: All database queries use the Supabase SDK with parameterized queries. No raw SQL string concatenation. Row-Level Security provides a second layer of defense at the database level.
XSS prevention: Input sanitization middleware on both backend and frontend. Suspicious pattern blocking (script tags, event handlers, javascript: protocol). Content Security Policy (CSP) headers restrict script execution sources.
CSRF protection: SameSite cookie policy. CORS whitelist restricts origins to platform domains only. API authentication uses Bearer tokens and API keys, not cookies.
Security headers: Helmet middleware enforces: Content-Security-Policy, Strict-Transport-Security (HSTS, 1-year max-age, includeSubDomains), X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Referrer-Policy, Permissions-Policy.
Rate limiting: express-rate-limit on all backend API endpoints. Stricter limits on sensitive endpoints (auth, payment). MCP server rate limited at 100 requests per 15 minutes per API key. Rate limit events emitted to SIEM.

Authentication & Access

Authentication provider: Supabase Auth (built on GoTrue). Email/password with secure password requirements (minimum 8 characters, uppercase, lowercase, number, special character). OAuth support for third-party login.
Session management: JWT-based sessions with expiration. Refresh token rotation. Sessions invalidated on password change and account deletion.
API authentication: API key authentication for CLI and MCP access. Keys scoped to user ID with configurable permissions. Keys revocable via platform settings.
Admin access: Role-based access control. Admin operations require verified admin role. Non-admin users cannot access admin endpoints.

Backup & Disaster Recovery

Database backups: Supabase provides automated daily backups with point-in-time recovery (PITR). Backups encrypted at rest on AWS.
AI provider resilience: 4-provider failover chain (Anthropic, Google, Mistral, Together) with circuit breaker pattern (CLOSED/OPEN/HALF_OPEN). Final fallback to local algorithmic engines requiring no external API calls. Platform continues functioning even if all AI providers are unavailable.
Cache resilience: Backend gracefully degrades to in-memory mode if Redis is unavailable. Core functionality (assessments, API, authentication) continues without cache.
Audit trail: Structured request logging with correlation IDs across all services (backend, agent platform, MCP server). SIEM event stream for security events. Incident timeline tracking with fix attempt history.

AI Provider Data Handling

Primary provider: Anthropic (Claude API). Anthropic does not train on API data. Customer Content is classified as Customer's Confidential Information under Anthropic's Commercial Terms. Zero-retention API.
Fallback providers: Google (Gemini), Mistral, Together AI. Used only when primary provider is unavailable. Automatic failover chain with circuit breaker pattern.
Final fallback: Local algorithmic engines (ICP scoring, positioning, cost calculation). No external API calls. Customer data does not leave the platform.
Model training: No customer data is used to train, fine-tune, or improve any AI model — Andru's or any third party's.

Security Monitoring

SIEM pipeline: Real-time security event detection with automated containment actions. Events classified by severity (critical, high, medium, low, info) with alerting to dedicated security channels.
Database audits: Row-Level Security policy verification every 24 hours. Security header audit every 12 hours.
Dependency scanning: npm audit runs on every pull request. Critical and high-severity vulnerabilities block merge. Gitleaks secret scanning on every commit.
Uptime monitoring: Health checks every 15 minutes via automated workflow. Incidents auto-created on failure, auto-closed on recovery.
Output validation: Every customer-facing intelligence tool validates its output against Zod schemas before delivery. Schema violations emit security events for drift detection.

Incident Response

Classification: Three-tier system: MINOR (auto-fix via playbooks), MAJOR (AI-assisted diagnosis with autonomous resolution), CRITICAL (requires human approval before action).
Detection: Automated detection via 5 monitors (auth, UI, rate-limit, service-health, security). Real data from health endpoints, SIEM events, and dependency checks — not AI-imagined scenarios.
Resolution: 4 auto-fix playbooks (auth issues, UI rendering, rate limits, fallback services). Circuit breaker safety: max 3 fix attempts per incident, max 5 automated builds per hour.
Notification: Slack alerting with severity-based routing. Critical incidents require human approval with 30-minute auto-approve deadline.

Integration Permissions

Slack: Read and send messages in designated #andru channels only. No DM access. No message history access beyond channel scope.
Calendar (Google/Outlook): Read-only. Meeting titles and attendees for pre-call brief generation. No write access.
CRM: Read contacts and deals. Write meeting notes only. No bulk export or deletion capability.
CLI (andru-intel): No telemetry collected. No local file access. Only makes API calls when you explicitly invoke a tool. Local SQLite cache for offline mode stays on your device.
MCP Server: Same as CLI. Runs inside Claude Desktop or Cursor. Authenticates via API key per session. Rate limited at 100 requests per 15 minutes per key.

Account Deletion

Process: Settings → Account → Delete Account. 3-day grace period (cancel by logging in). After 3 days: permanent deletion cascade.
Scope: All customer data removed from all database tables: profiles, assessments, ICP data, pipeline runs, generated resources, API keys, usage logs, AI cost tracking. Stripe subscriptions cancelled. OAuth tokens revoked. Auth credentials permanently removed.
Cache data: Redis cache data expires automatically via TTL. Local MCP cache (SQLite on your device) is your responsibility.
Verification: Deletion cascade coverage verified by automated integration test. If a new table storing customer data is added, the test fails until the cascade is updated.

Compliance

Data Processing Agreement: Available on request. Covers: processing scope, sub-processor list, security measures, data subject rights, breach notification (72-hour timeline), data return and deletion.
GDPR: Right-to-erasure implemented via permanent deletion cascade. Data stored in US (AWS us-east-1). Standard Contractual Clauses available for EU customers.
CCPA: No sale of customer data. Deletion available via self-service or on request.
SOC 2: Technical controls in place. Certification on roadmap.
Sub-processors: Supabase (database, AWS US), Render (hosting, US), Anthropic (AI, US), Google/Mistral/Together (AI fallback), Stripe (payments), Resend (email), Netlify (frontend, no customer data).