Security

Security & Trust

Your customer data is the most sensitive thing you store. We treat it that way.

TLS 1.3 for every request. AES-256 at rest on Supabase-managed Postgres.

Postgres RLS isolates each org. No customer ever sees another customer’s data.

Email + password with optional magic links. Sessions are short-lived JWTs you can revoke.

Every contact event, automation fire, and stage change is recorded with timestamp and source.

Point-in-time recovery via Supabase. Daily snapshots retained for 30 days.

HSTS, X-Frame-Options, nosniff, strict referrer policy, and a locked-down permissions policy.

Report a security issue

If you believe you’ve found a vulnerability, please email security@hitthosting.com. We respond to reports within one business day.