SEDU
Trust & Infrastructure

Security Architecture

Privacy is not a feature at SEDU — it is the foundation. Our security architecture is designed from the ground up to protect sensitive personal health information and earn user trust at every layer.

End-to-End Encryption

All data transmitted to and from SEDU is protected by TLS 1.3. Data at rest is encrypted with AES-256 at the storage layer. In our planned mobile application architecture, user content is encrypted before leaving the client device.

Supabase Infrastructure

SEDU's database is powered by Supabase — a SOC 2 Type II certified infrastructure provider built on PostgreSQL. Row Level Security (RLS) policies ensure that users can only access their own data. Service role keys are never exposed to the client.

Minimal Data Surface

We follow the principle of data minimisation: we collect only what is required for core functionality. We use no third-party analytics trackers, no advertising pixels and no behavioural profiling. Every data field collected has a defined purpose and retention policy.

Access Controls

Admin access to user data is strictly controlled through authenticated sessions with role-based access control. Session tokens are short-lived and scoped to specific permissions. All admin actions are logged with timestamps and operator identity.

Compliance Standards

  • GDPR: EU Data Protection
  • DPDPA: India Digital Personal Data
  • SOC 2 Type II: Via Supabase Infra
  • TLS 1.3: In-transit Encryption

Responsible Disclosure Policy

  • All security reports are treated with the highest priority. We do not currently operate a public bug bounty programme but will formally acknowledge responsible disclosures.
  • Contact our security team at: security@seduhealth.com
  • Please include detailed reproduction steps and do not exploit vulnerabilities beyond demonstrating the flaw.
  • We commit to acknowledging your report within 48 hours, providing a status update within 7 days, and crediting you (with your permission) once the vulnerability has been resolved.
  • We ask that you do not publicly disclose vulnerabilities until we have had the opportunity to investigate and remediate the issue.
  • SEDU does not currently operate a paid bug bounty programme, but we deeply appreciate responsible disclosure and will recognise significant contributions publicly.