Equalora.ai

Security Policy

Last updated: December 2025

Equalora.ai takes the security of your data seriously. This page summarizes the technical and organizational measures we use to help protect information stored in the Service.

1. Infrastructure

Equalora.ai is hosted on reputable cloud providers, including Netlify (frontend) and Supabase (database, authentication, storage). These providers maintain physical and network security controls and undergo regular security reviews.

Learn more about our infrastructure providers’ security programs: Supabase Security · Netlify Security.

These links are provided for transparency about underlying platform controls; Equalora.ai remains responsible for application-level security and access controls within our Service.

2. Encryption in transit and at rest

  • Traffic to and from the Service is protected using HTTPS (TLS).
  • Data stored in Supabase (including files and database records) is encrypted at rest by the underlying cloud infrastructure.

3. Authentication & access control

  • Customer data is isolated using database-enforced controls, including Supabase Row Level Security (RLS).
  • Sign-in uses a multi-step verification process, which may include one-time verification codes sent to the account email address.
  • Passwords are never stored or logged in plaintext. Supabase's managed authentication service stores password hashes and manages credential verification.
  • Authentication sessions are managed via secure, HTTP-only cookies.
  • Internal access to production systems is restricted to a small number of authorized maintainers and protected by separate access controls.
  • We never ask for your password or one-time verification codes over email or in support channels.

4. Rate limiting, account protection & session safety

  • To reduce the risk of brute-force and credential-stuffing attacks, repeated failed sign-in attempts may trigger temporary restrictions or additional verification.
  • Verification codes are time-limited and tied to a sign-in attempt. Repeated incorrect entries can invalidate the attempt and require a restart.
  • User sessions inside the web application expire after inactivity to reduce risk from unattended browsers.
  • Password reset links contain time-limited, single-use tokens. The tokens are stored in the database as hashed values and can only be redeemed once.

5. Data minimization

We only collect information necessary to operate Equalora.ai and provide features like document storage, OCR, AI summaries, and subscriptions. We do not sell your personal data.

6. AI providers

When we send data to AI providers (e.g., for OCR or text generation), we do so over encrypted channels and under terms that restrict use of your data to providing the requested service. We do not permit training of public or shared models on your private case data.

7. Backups & recovery

Supabase manages backups of the database and storage. These backups are encrypted and retained for limited periods to support recovery in the event of operational incidents. We periodically review recovery procedures to ensure we can restore service if needed.

8. Monitoring & security logging

Equalora.ai records security-relevant events such as failed sign-in attempts, account protections, password resets, and verification outcomes. These logs are used to detect suspicious activity, support incident investigations, and improve our security posture. Access to these logs is restricted to authorized personnel.

9. Account security tips

  • Use a strong, unique password that you don’t reuse elsewhere.
  • Protect your email account with multi-factor authentication (MFA), since email may be used for verification and password resets.
  • Keep your device and browser up to date.
  • Avoid signing in on shared computers, or sign out when finished.

10. Security education resources

Security is a shared effort. We encourage users to learn practical, non-technical steps to reduce risk—especially around password safety, phishing, device updates, and account protection.

Recommended: CISA Project UpSkill — Module 1 (Basic Cybersecurity for Personal Computers and Mobile Devices).

11. Responsible disclosure

If you believe you have found a security vulnerability in Equalora.ai, please contact us immediately at security@equalora.ai. Please do not attempt to access data that isn't yours. We will investigate and take appropriate action.

12. Contact & response

We treat security reports and suspected incidents with urgency. We aim to acknowledge reports promptly, investigate quickly, and remediate confirmed issues in a timely manner based on severity and impact. When appropriate, we will notify affected users and provide guidance to help protect their accounts.

13. Updates

We may update this Security Policy as our infrastructure and practices evolve. Significant changes will typically be reflected in product updates, release notes, or an updated effective date on this page.