Security
Deliteful is built on modern, security-focused infrastructure with strict temporary data handling and isolation controls. All processing is deterministic — no probabilistic or AI-based behavior — enabling predictable and auditable outcomes.
Infrastructure Security
- Frontend delivered via Vercel’s global edge network
- File processing performed in isolated Modal serverless environments
- Temporary object storage via Cloudflare R2 with automatic cleanup
- Supabase used for authentication, database access, and Row-Level Security (RLS)
File Handling & Isolation
- No long-term file storage at any stage
- Files are deleted automatically based on your plan retention window (typically 1 to 3 days)
- No routine human access to uploaded file contents
- Files are never used for analytics, logging, or AI training
- Per-plan upload and batch limits enforce safe resource usage
Encryption & Network Protection
- All network traffic encrypted in transit via HTTPS
- R2 access controlled through signed, time-limited URLs
- Cloudflare provides automated DDoS mitigation and bot protection
- Supabase sessions are protected with encryption and RLS policies
Access Controls
Access to production systems is restricted and limited to authorized personnel only, following the principle of least privilege. Administrative access is used solely for maintenance, debugging, and security purposes.
Incident Response
Deliteful monitors infrastructure and application behavior for security issues. In the event of a confirmed security incident affecting user data, we will take appropriate remediation steps and notify affected users in accordance with applicable laws and our legal obligations.
Shared Responsibility
While Deliteful implements security controls to protect the Service, users are responsible for safeguarding their account credentials, maintaining strong passwords, and controlling access to their own data and workflows.