Security & Trust
What we actually verify to keep your data safe, our current sub-processors, and how to report a vulnerability. This page states only what a real, running check backs — nothing here is aspirational.
1. Data Handling and Encryption
All data is encrypted in transit using TLS and at rest using AES-256 encryption, via Supabase's managed PostgreSQL infrastructure. Every table storing your data enforces row-level security so one account's rows are never a valid query target for another account's session.
For the full description of what we collect and why, see the Privacy Policy.
2. Tenant Isolation Testing
We maintain an automated probe that pairs two separate test accounts and attempts to read or modify each other's workflows, run history, connections, and templates across every authenticated API route. It enforces complete coverage: the moment a new authenticated route ships without an isolation check or a documented exemption, the probe's self-audit fails the build. A successful cross-account read or write is treated as a critical incident, not a bug ticket.
Row-level security enforces this boundary in the database on every query — no account's rows are a valid query target for another account's session.
3. Secret and Log Hygiene
We run an automated scan over our source code that blocks any change from merging if it introduces a hardcoded credential (API keys, tokens, service-role secrets) or a code path that would log a secret, an access token, or a raw request body into our error tracker or application logs.
4. Sub-Processors
We use the following third-party services to operate Conductor Deck. Each processes data only as necessary to deliver its function.
- Supabase — database, authentication, and row-level security enforcement.
- Stripe — payment processing and subscription billing.
- Vercel — application hosting and deployment.
- Pipedream — third-party service connections and workflow action execution.
- Anthropic — AI workflow generation and AI chat (only when you use those optional features).
- Resend — transactional email delivery.
- Sentry — error monitoring.
This list matches the Sub-Processors section of the Privacy Policy. If it ever changes, we notify subscribed customers in advance.
5. Data Residency
Customer data is stored in a single US region on Supabase's infrastructure. We do not currently offer multi-region storage, data residency selection, or EU-local hosting.
6. Deletion and Export
You can export a JSON snapshot of your account data (profile, preferences, devices, subscription) and your individual workflows at any time from Settings → Danger Zone and the workflow canvas, respectively.
Deleting your account permanently removes your workflows, run history, and connected accounts, and cancels any active subscription. This action is irreversible and is rate-limited to prevent accidental repeated triggers.
7. Vulnerability Disclosure
If you believe you've found a security vulnerability in Conductor Deck, we want to hear about it. Email us with enough detail to reproduce the issue.
Safe Harbor
We will not pursue legal action against you for good-faith security research that: stays within your own test account (never accesses another customer's data), avoids service disruption, and is reported to us before any public disclosure. Give us a reasonable window to fix the issue before you share it publicly. We're happy to credit you by name (with your permission) once a report is confirmed and fixed.
We do not currently run a paid bug bounty program.