Security

Last updated: December 7, 2025

Our Commitment to Security

At Tilvo, we take the security of your data seriously. We implement industry-standard security practices to protect your information and maintain your privacy.

Data Protection

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL.
  • Encryption at Rest: Your data is encrypted when stored in our databases.
  • Access Controls: We implement strict access controls to ensure only authorized personnel can access your data.
  • Regular Security Audits: We conduct regular security audits and penetration testing to identify and address potential vulnerabilities.

Authentication & Authorization

We use Clerk for authentication, providing:

  • Multi-factor authentication (MFA) support
  • Secure session management
  • Password hashing using industry-standard algorithms
  • OAuth integration for social login providers

Infrastructure Security

  • Hosting: Our application is hosted on secure, SOC 2 compliant infrastructure.
  • Database: We use managed database services with automated backups and point-in-time recovery.
  • Monitoring: We employ real-time monitoring and alerting for security incidents.

Data Privacy

Your data belongs to you. We:

  • Never sell your personal information to third parties
  • Only collect data necessary to provide our services
  • Allow you to export or delete your data at any time
  • Comply with GDPR, CCPA, and other privacy regulations

Third-Party Services

We carefully select third-party services that meet our security standards:

  • Clerk - Authentication and user management
  • Vercel/Railway - Application hosting
  • Neon/Supabase - Database services
  • Upstash - Redis caching
  • PostHog - Privacy-focused analytics
  • Sentry - Error tracking and monitoring

Incident Response

In the event of a security incident, we have procedures in place to:

  • Immediately contain and remediate the issue
  • Notify affected users within 72 hours
  • Conduct a thorough post-incident analysis
  • Implement measures to prevent similar incidents

Responsible Disclosure

If you discover a security vulnerability, please report it to us responsibly by emailing security@tilvo.us. We appreciate your help in keeping Tilvo secure.

Contact Us

If you have questions about our security practices, please contact us at security@tilvo.us.