โ† Back to DivDip

๐Ÿ”’ Security at DivDip

DivDip is operated by Backchannel Capital LLC. We take the security of your data seriously. This page summarizes the technical and operational controls we have in place to protect your account and information.

Data Protection

  • Your data is stored in Supabase (SOC 2 Type 2 certified), hosted in the United States
  • Row-level security enforces that users can only access their own data โ€” even at the database layer
  • All data is encrypted in transit (TLS) and at rest
  • DivDip will never sell, rent, or trade your personal data to third parties

Authentication

  • Magic link only โ€” no passwords stored, no password breach risk
  • Each login link is single-use and expires after 1 hour
  • Sessions expire after inactivity

Payments

  • Payments processed by Stripe (SOC 2 Type 2, PCI DSS Level 1 certified)
  • No payment card data ever touches DivDip servers
  • All billing is handled entirely within Stripe's secure environment

Infrastructure

  • Application hosted on Vercel (SOC 2 Type 2 certified)
  • Automated deployments from a private GitHub repository
  • Uptime monitoring via UptimeRobot with 5-minute check intervals
  • All API keys and secrets are stored as encrypted environment variables โ€” never in code

Your Rights

  • You can delete your account and all associated data at any time from Settings
  • Data deletion is processed within 30 days
  • For GDPR requests or data questions, contact privacy@divdip.com

Reporting a Vulnerability

If you believe you've found a security vulnerability in DivDip, please report it responsibly to security@divdip.com. We will respond within 48 hours.

Last updated: April 2026 ยท Operated by Backchannel Capital LLC ยท Alabama, USA