Data Protection & Security

At TemplateFox, security is built into every layer of our platform. Here's how we protect your data and keep your documents safe.

Infrastructure Security

  • PDF generation runs on Google Cloud Run, which is SOC 2 Type II and ISO 27001 certified.
  • The frontend is hosted on Vercel, with automatic HTTPS, DDoS protection, and edge network distribution.
  • Database and authentication are powered by Supabase (built on AWS), with SOC 2 Type II compliance.
  • All infrastructure providers maintain rigorous third-party security audits and certifications.

Data Encryption

  • All data in transit is encrypted using HTTPS/TLS 1.2+ — no unencrypted connections are accepted.
  • Data at rest is encrypted with AES-256 across Supabase (database & storage) and Google Cloud.
  • SSL certificates are automatically managed and renewed.

PDF Processing & Data Handling

  • PDF generation is fully stateless — each request is processed in an isolated container that is destroyed after completion.
  • Template data and variables are processed in memory only and are never written to disk or logged.
  • Generated PDF files are automatically deleted from storage after 30 minutes.
  • We do not inspect, analyze, or retain the content of your generated documents.

Authentication & Access Control

  • User authentication is handled by Supabase Auth with secure JWT tokens.
  • API access is protected with unique API keys scoped to each user account.
  • Database access enforces Row-Level Security (RLS) — users can only access their own data.
  • Internal systems follow the principle of least privilege for all access permissions.

Application Security

  • Generated PDFs are downloaded through pre-signed URLs with expiration; they cannot be guessed or accessed after expiry.
  • API endpoints are protected with rate limiting to prevent abuse.
  • All user inputs are validated and sanitized to prevent injection attacks.
  • The frontend implements XSS and CSRF protections following OWASP best practices.

Payment Security

  • All payments are processed by Stripe, a PCI DSS Level 1 certified payment processor.
  • We never store, process, or have access to your credit card numbers or payment details.
  • Billing data is managed entirely within Stripe's secure infrastructure.

Employee Security

  • Access to production systems is strictly limited to authorized personnel.
  • All team accounts require strong passwords and two-factor authentication (2FA).
  • Access is reviewed regularly and revoked immediately when no longer needed.

Backups & Recovery

  • Database backups are performed automatically by Supabase on a daily basis.
  • Backup data is encrypted at rest and stored in a separate, secure location.
  • Disaster recovery procedures are in place to restore services in the event of an outage.

Compliance

  • We follow GDPR principles including data minimization, purpose limitation, and the right to erasure.
  • Our architecture is designed with privacy by design — we collect only the minimum data necessary to provide the service.
  • Users can request data export or account deletion at any time by contacting support.

Vulnerability Management

  • Dependencies are regularly updated and patched to address known vulnerabilities.
  • We use automated tools to monitor for security advisories in our dependency chain.
  • Infrastructure and application logs are monitored for anomalous activity.

Incident Response

  • In the event of a confirmed data breach, affected users will be notified within 72 hours in accordance with GDPR requirements.
  • We maintain an incident response process covering identification, containment, eradication, and recovery.
  • Post-incident reviews are conducted to prevent recurrence.

Have a security question?

If you have questions about our security practices or want to report a vulnerability, please contact us at vincent.ventalon.pro@gmail.com.
