Your data stays yours. Always.

Security built into every layer of the observatory.

Read-Only by Design

Your observatory observes — it never touches. Varsal only requests read-only permissions from your integrations. We never modify, delete, or write data to your connected services.

Encrypted at Rest & Transit

All integration credentials are encrypted at rest using AES-256-GCM. Data in transit uses TLS 1.3. Keys are never stored in plaintext.

Minimal Footprint

Your observatory only stores what it needs. We cache aggregated metrics for your dashboard and discard raw API responses after processing. You can delete all your data at any time.

Your Observatory is Secured With

Hosted on Vercel's edge network (global CDN)

Database on Supabase (PostgreSQL with Row Level Security)

All credentials encrypted with AES-256-GCM

Environment variables isolated per deployment

No third-party tracking or analytics inside your observatory

Access Controls

Row Level Security (RLS) ensures tenants can only access their own data

API routes validate session tokens on every request

Integration credentials are decrypted server-side only, never sent to the browser

Session tokens expire and refresh automatically via Supabase Auth

Compliance

GDPR-ready data handling practices

Data Processing Agreement available on request

Regular security reviews and dependency audits

Open to customer security questionnaires