Security
Your financial data deserves serious protection. Here's exactly how we keep it safe.
Encrypted in Transit
All data between your device and YesBill servers is encrypted using TLS 1.2+. Your billing records and account credentials are never sent over plain HTTP.
Secure Data Storage
Data is stored on Supabase (PostgreSQL) with Row-Level Security (RLS) policies. This means access rules are enforced at the database level — you can only access your own data, always.
Authentication Security
Passwords are hashed using bcrypt before storage — we never see or store your plaintext password. We support secure magic-link login and OAuth via Google, minimising password-related risk.
No Data Selling
Your billing data is yours. We do not sell, share, or use your personal data for advertising. Third-party integrations (Brevo, Gemini AI) receive only the minimum data required to function.
Infrastructure
- Database: Supabase (PostgreSQL) with Row-Level Security on all tables. JWT-authenticated queries only.
- API: FastAPI backend on Fly.io with rate limiting on all endpoints to prevent abuse.
- PDF Files: Stored in Supabase Storage and accessible only via authenticated, time-limited signed URLs.
- Secrets: API keys (Brevo, Gemini) are stored as environment secrets — never committed to code.
Found a security issue?
We take security reports seriously. If you discover a vulnerability, please contact us directly rather than making it public.
support@yesbill.in