Security Overview

PREATOM is built security-first, not security-bolted-on. Every layer of the stack is hardened.

AES-256-GCM Encryption

All sensitive metadata encrypted at rest. Keys managed via Supabase Vault with rotation support.

SHA-256/384/512 Hashing

Cryptographic seals computed on canonical contract payloads. Algorithm field preserved for migration safety.

Chain of Custody

Immutable forensic event chain with previous-hash linking. Database-level triggers prevent tampering.

RFC 3161 Timestamps

Trusted timestamp authority integration. Timestamp tokens stored alongside contracts.

Row-Level Security

PostgreSQL RLS enforced on all tables. Users can only access their own contracts.

OWASP Top 10

Protections against CSRF, XSS, SQL injection, SSRF, and replay attacks. Strict CSP and security headers.

Audit Logging

Every action logged with actor, timestamp, and cryptographic event hash.

Key Rotation

Versioned encryption keys with automated rotation jobs and re-encryption workflows.
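
The hashing and Chain of Custody items above describe previous-hash linking over canonical payloads, with the algorithm recorded per entry. The sketch below illustrates that idea as an added example, not PREATOM's code; the field names, the JSON canonical form and the all-zero genesis value are assumptions.

```python
import hashlib
import json

# Assumptions (not PREATOM's schema): JSON canonical form, field names, zero genesis.
GENESIS = "0" * 64
ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}

def canonical(obj):
    """Deterministic bytes: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")

def seal(event, prev_hash, algorithm):
    """Hash covers the event, the previous entry's hash and the algorithm name."""
    body = {"algorithm": algorithm, "event": event, "prev_hash": prev_hash}
    return {**body, "hash": ALGORITHMS[algorithm](canonical(body)).hexdigest()}

def append(chain, event, algorithm="sha256"):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append(seal(event, prev, algorithm))

def verify(chain):
    """Return the index of the first invalid entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        algorithm = entry.get("algorithm")
        if algorithm not in ALGORITHMS:      # unknown or stripped algorithm: fail closed
            return i
        if entry.get("prev_hash") != prev:   # entry removed, inserted or reordered
            return i
        if seal(entry.get("event"), prev, algorithm)["hash"] != entry.get("hash"):
            return i                         # event content or hash was altered
        prev = entry["hash"]
    return -1

def build_sample():
    """Constructed sample events; the last one uses SHA-512 to show a mid-chain migration."""
    chain = []
    append(chain, {"actor": "alice", "action": "contract.create", "ts": "2024-01-01T10:00:00Z"})
    append(chain, {"actor": "bob", "action": "contract.sign", "ts": "2024-01-01T10:05:00Z"})
    append(chain, {"actor": "alice", "action": "contract.seal", "ts": "2024-01-01T10:06:00Z"}, "sha512")
    return chain

if __name__ == "__main__":
    chain = build_sample()
    print("intact:", verify(chain))
    chain[1]["event"]["actor"] = "mallory"   # simulated tampering with a stored event
    print("first bad entry after tampering:", verify(chain))
```

Dropping entries from the end of the chain still verifies, so the latest hash has to be anchored somewhere the writer cannot modify.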

Found a security vulnerability?

Report responsibly to security@preatom.com