Security
Last updated: March 2026
Infrastructure
Applications are deployed on isolated container infrastructure with automated backups, monitoring, and SSL/TLS encryption in transit.
Authentication
All authentication is handled through industry-standard protocols including OAuth 2.0, magic links, and password-based auth with bcrypt hashing. Session tokens are HTTP-only, secure, and SameSite-protected.
Data Protection
Row-level security is enforced at the database level. All API endpoints verify authentication and authorization before processing requests.
Payment Security
All payment processing is handled by Stripe. DeNovo never stores, processes, or transmits raw payment card data.
Reporting Vulnerabilities
To report a security vulnerability, contact [email protected].