Lighthouse is built on infrastructure designed for security and reliability. Here is how we protect your data.
Infrastructure
Hosted on Vercel with automatic TLS certificates
Database hosted on Supabase (AWS infrastructure, SOC 2 Type II)
All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Row Level Security (RLS) enforced on every database table
Authentication
Magic-link authentication only (no passwords stored)
Session tokens are short-lived and rotated automatically
All authentication handled by Supabase Auth
Payments
All payment processing handled by Stripe (PCI DSS Level 1)
We never see or store your card number
Webhook signatures verified on every event
Application Security
API keys are hashed (SHA-256) before storage
All user input is validated and sanitized server-side
CORS and CSP headers configured on all endpoints
Dependencies audited regularly for known vulnerabilities
Data Isolation
Each account's data is isolated through PostgreSQL Row Level Security policies. Users can only access their own projects, waitlists, surveys, and subscriber data. Public pages only expose the minimum data needed to render signup forms.
Reporting Vulnerabilities
If you discover a security issue, please report it through our contact page. We take all reports seriously and will respond within 48 hours.