Security Overview
PREATOM is built security-first, not security-bolted-on. Every layer of the stack is hardened.
AES-256-GCM Encryption
All sensitive metadata encrypted at rest. Keys managed via Supabase Vault with rotation support.
SHA-256/384/512 Hashing
Cryptographic seals computed on canonical contract payloads. Algorithm field preserved for migration safety.
Chain of Custody
Immutable forensic event chain with previous-hash linking. Database-level triggers prevent tampering.
RFC 3161 Timestamps
Trusted timestamp authority integration. Timestamp tokens stored alongside contracts.
Row-Level Security
PostgreSQL RLS enforced on all tables. Users can only access their own contracts.
OWASP Top 10
Protections against CSRF, XSS, SQL injection, SSRF, and replay attacks. Strict CSP and security headers.
Audit Logging
Every action logged with actor, timestamp, and cryptographic event hash.
Key Rotation
Versioned encryption keys with automated rotation jobs and re-encryption workflows.
Found a security vulnerability?
Report responsibly to security@preatom.com