← Back to home

Security Architecture

Last updated: April 8, 2026

1. Platform Overview

ByeBoss is built as a web application with Supabase for authentication and database storage, Stripe for billing, and approved AI providers for financial analysis features. We design the platform so sensitive financial data is scoped to the signed-in user and protected at multiple layers.

2. Authentication and Access Control

  • User authentication is handled through Supabase Auth.
  • Protected application routes require an authenticated session.
  • Database access is constrained with row-level security so users can access only their own records.
  • Server-side administrative actions require service-role access and are not exposed directly to clients.

3. Data Storage and Encryption

Application data is stored in Supabase-managed PostgreSQL and object storage. Uploaded documents and structured financial data are stored in authenticated buckets and tables tied to your user identity. Transport to the application uses HTTPS, and Supabase stores project data using encrypted infrastructure.

4. Bank Connection Model

When bank connectivity is enabled, ByeBoss uses Plaid for the connection flow. Bank credentials are entered into Plaid's hosted experience rather than directly into ByeBoss. ByeBoss stores the resulting connection metadata needed to sync financial data, not your raw online banking password.

5. AI Processing Boundaries

AI features may process user financial context and conversation history to generate answers and summaries. That processing is sent only to the providers used to deliver the assistant experience. We aim to send only the data required for the requested analysis and do not expose service-role credentials to those providers.

6. Billing and Payment Security

Payments are processed by Stripe. ByeBoss does not store full payment card numbers on its own servers. Subscription state and billing references are stored so we can manage access to paid features and customer support workflows.

7. Monitoring and Operational Controls

  • Protected API routes enforce authentication checks.
  • Assistant endpoints apply request validation and rate limiting.
  • Security-sensitive features such as app PIN protection are handled with fail-closed behavior when status checks fail.
  • We use deployment logs and application telemetry to investigate failures and suspicious behavior.

8. Responsible Use and Disclosure

If you believe you have found a security issue, contact security@byeboss.ai with the affected URL, steps to reproduce, and any relevant screenshots or logs. Please do not publicly disclose security issues until we have had a reasonable opportunity to investigate and remediate them.