Infrastructure

1010 runs on enterprise-grade cloud infrastructure with data hosted exclusively in India. Our database uses Supabase (PostgreSQL) with automated backups, point-in-time recovery, and geographic redundancy within India.

Encryption

All data is encrypted at rest using AES-256 encryption. All data in transit is protected with TLS 1.3. Database connections use encrypted channels. File uploads (invoices, bank statements) are encrypted before storage.

Access Control

Row-Level Security (RLS) policies ensure complete data isolation between organizations. Each business can only access its own data — even at the database level. Role-based access control (RBAC) within organizations ensures team members see only what they need.

Authentication

We support email/password authentication with bcrypt hashing, magic link (passwordless) login, and OAuth via Google. Sessions are managed with short-lived JWTs and automatic token rotation.

Application Security

Our application implements Content Security Policy (CSP) headers, HSTS, X-Frame-Options DENY, input validation and sanitization, CSRF protection, and rate limiting. We perform regular dependency audits and keep all packages updated.

Compliance

We implement industry-standard security controls aligned with best practices. All financial data handling complies with Indian data localization requirements. We adhere to the Digital Personal Data Protection Act, 2023.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it to security@10-10.cloud. We take all reports seriously and will respond within 48 hours.