Security
Last updated 3 July 2026
Security matters even at this stage. Here is how your data — and your clients' — is protected.
1. Infrastructure
Atelo runs on Supabase (managed Postgres and Storage) with modern hosting. All data is encrypted in transit using HTTPS/TLS.
2. Access control
Every board is protected by Postgres row-level security, so a studio can only ever read or write its own data. Privileged operations use scoped service credentials that are never exposed to the browser.
3. Authentication
Accounts use email and password. Passwords are hashed and never stored in plain text. Client swipe links require no account and never expose your dashboard or other boards.
4. Data minimalism
We collect only what the product needs to work. Client responses are anonymous. API keys and secrets are kept server-side and out of version control.
5. Responsible disclosure
Found a vulnerability? Please email [email protected] before disclosing it publicly, and we will work with you to fix it quickly.
Questions about this page? Email [email protected].