Security at FullHouseAI

We take the security of your data seriously. Here's how we protect it.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Every connection to FullHouseAI is secured with HTTPS.

Authentication

We use Supabase Auth with secure JWT tokens. Sessions expire automatically after inactivity. All passwords are hashed using bcrypt and never stored in plain text.

Data Isolation

Users can access only their own data. We use Row Level Security (RLS) on all database tables, enforced at the database level. Even if application code had a bug, the database itself would prevent cross-user data access.

Payments

All payments are processed by Stripe, a PCI DSS Level 1 certified provider. We never store card details. Payment information goes directly to Stripe and never touches our servers.

Rate Limiting

All API endpoints are rate-limited to prevent abuse. AI endpoints have additional per-user limits to protect service quality for all users.

Backups

Your data is backed up daily. We maintain multiple days of backup history to protect against data loss.

Infrastructure

FullHouseAI is hosted on Vercel with automatic HTTPS, DDoS protection, and edge caching. Our database is hosted on Supabase with enterprise-grade security, automatic backups, and data encryption.

Security Headers

We implement comprehensive HTTP security headers including Content Security Policy (CSP), Strict Transport Security (HSTS), and X-Frame-Options to protect against common web vulnerabilities.

Responsible Disclosure

Found a security issue? Please report it to: support@fullhouseai.co.uk

We take all reports seriously and will respond within 48 hours.

Last updated: March 2026