← Back to FADE

At FADE, your data security is a priority. This page describes how we protect your information and the security practices of the third-party services we rely on.

TLS/HTTPS Encrypted No Video Storage PCI DSS Level 1 SOC 2 Type II Cookieless Analytics

Data in Transit

All communication between your browser and FADE is encrypted using TLS 1.2+ (HTTPS). This includes video uploads, analysis results, authentication, and payment flows. No data is transmitted in plain text.

Video Data Security

Your uploaded videos follow a secure processing pipeline:

  • Upload: Video is transmitted directly from your browser to our backend over HTTPS.
  • Processing: The video is temporarily uploaded to Google's Gemini File API for AI analysis. Google processes the video in their secure infrastructure.
  • Deletion: After analysis is complete, the video file is deleted from Google's servers. FADE does not permanently store your video files on any server.
  • Results only: Only the AI-generated analysis (scores, text findings, recommendations) is stored, never the video itself.

Authentication Security

User authentication is handled by Clerk, an enterprise-grade identity platform:

  • Clerk is SOC 2 Type II certified.
  • Passwords are hashed using bcrypt, we never have access to plain-text passwords.
  • Session tokens are short-lived and securely managed.
  • Multi-factor authentication (MFA) is supported.

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor, the highest level of payment security certification:

  • FADE never sees, transmits, or stores your full credit card number or CVV.
  • Payment forms are served directly from Stripe's secure servers.
  • All payment data is encrypted at rest and in transit within Stripe's infrastructure.

Infrastructure Security

FADE is hosted on Vercel (frontend) and Supabase (backend/database):

  • Vercel: SOC 2 Type II certified. Global edge network with automatic DDoS protection, Web Application Firewall, and TLS termination.
  • Supabase: SOC 2 Type II certified. PostgreSQL database with row-level security, encrypted at rest (AES-256), hosted on AWS in the United States.
  • API security: All backend API calls require authenticated sessions. Database access uses row-level security policies to ensure users can only access their own data.

Data Access Controls

  • Database access is restricted to authenticated API requests with valid session tokens.
  • Row-level security (RLS) in Supabase ensures users can only read and modify their own analyses.
  • Administrative access to production databases is limited to the founding team and requires multi-factor authentication.
  • Third-party services access only the minimum data required for their function.

Vulnerability Reporting

If you discover a security vulnerability in FADE, please report it responsibly:

  • Email: fade.app.mail@gmail.com with subject line "Security Vulnerability Report"
  • Include a description of the vulnerability, steps to reproduce, and potential impact.
  • We will acknowledge receipt within 48 hours and provide a timeline for resolution.
  • Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.

Questions

For security-related questions or to request additional information for your organization's security review:

FadeByMigz LLC
Email: fade.app.mail@gmail.com
Phone: (509) 400-0005