← Back to FADE
Security
Last updated: March 20, 2026
At FADE, your data security is a priority. This page describes how we protect your
information and the security practices of the third-party services we rely on.
TLS/HTTPS Encrypted
No Video Storage
PCI DSS Level 1 (Stripe)
SOC 2 Type II (Clerk, Supabase, Vercel)
Cookieless Analytics
Data in Transit
All communication between your browser and FADE is encrypted using TLS 1.2+ (HTTPS). This
includes video uploads, analysis results, authentication, and payment flows. No data is
transmitted in plain text.
Video Data Security
Your uploaded videos follow a secure processing pipeline:
-
Upload: Video is transmitted directly from your browser to our backend
over HTTPS.
-
Processing: The video is temporarily uploaded to Google's Gemini File API
for AI analysis. Google processes the video in their secure infrastructure.
-
Deletion: After analysis is complete, the video file is deleted from
Google's servers. FADE does not permanently store your video files on any server.
-
Results only: Only the AI-generated analysis (scores, text findings,
recommendations) is stored — never the video itself.
Authentication Security
User authentication is handled by Clerk, an enterprise-grade identity
platform:
- Clerk is SOC 2 Type II certified.
- Passwords are hashed using bcrypt — we never have access to plain-text passwords.
- Session tokens are short-lived and securely managed.
- Multi-factor authentication (MFA) is supported.
Payment Security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified
payment processor — the highest level of payment security certification:
- FADE never sees, transmits, or stores your full credit card number or CVV.
- Payment forms are served directly from Stripe's secure servers.
-
All payment data is encrypted at rest and in transit within Stripe's infrastructure.
Infrastructure Security
FADE is hosted on Vercel (frontend) and
Supabase (backend/database):
-
Vercel: SOC 2 Type II certified. Global edge network with automatic DDoS
protection, Web Application Firewall, and TLS termination.
-
Supabase: SOC 2 Type II certified. PostgreSQL database with row-level
security, encrypted at rest (AES-256), hosted on AWS in the United States.
-
API security: All backend API calls require authenticated sessions.
Database access uses row-level security policies to ensure users can only access their own
data.
Data Access Controls
-
Database access is restricted to authenticated API requests with valid session tokens.
-
Row-level security (RLS) in Supabase ensures users can only read and modify their own
analyses.
-
Administrative access to production databases is limited to the founding team and requires
multi-factor authentication.
- Third-party services access only the minimum data required for their function.
Vulnerability Reporting
If you discover a security vulnerability in FADE, please report it responsibly:
-
Email: fade.app.mail@gmail.com with subject
line "Security Vulnerability Report"
-
Include a description of the vulnerability, steps to reproduce, and potential impact.
- We will acknowledge receipt within 48 hours and provide a timeline for resolution.
-
Please do not publicly disclose the vulnerability until we have had a reasonable
opportunity to address it.
Questions
For security-related questions or to request additional information for your organization's
security review:
FadeByMigz LLC
Email: fade.app.mail@gmail.com
Phone: (509) 400-0005