How we build
TLB Cloud products are designed with read-controlled operations: automated processes are read-only by default, and write operations occur only when you explicitly confirm them. Where applicable, we capture pre-action snapshots and retain them for 90 days.
Audit logging
Actions taken within our products are logged with user, timestamp, and outcome for accountability and reversal support.
Authentication
- Passkeys (WebAuthn) as the primary authentication method
- Optional MFA: TOTP app, SMS, or email OTP
- Passwords stored with bcrypt (cost factor 12)
- Sessions use httpOnly cookies with Secure and SameSite=Lax flags
- Sensitive operations require recent second-factor verification
Data protection
- OAuth tokens and sensitive credentials stored in encrypted vaults
- Multi-tenant isolation: all records scoped by customer with row-level security
- Infrastructure on Vercel (application) and Supabase Postgres (database), US regions
- Daily database backups with 7-day retention
What we don't do
We do not use your data for advertising, model training, or resale. TLB Cloud does not currently maintain SOC 2 or ISO 27001 certification.