Security
Last updated: April 7, 2026
Our Commitment
Your database schema is sensitive infrastructure information. We take its protection seriously. This page describes the security measures we use to keep your data safe.
Encryption
In Transit
All data transmitted between your browser, CLI, and our servers is encrypted using TLS 1.2 or higher. API endpoints enforce HTTPS exclusively.
At Rest
Schema snapshots and account data are stored in Supabase managed PostgreSQL databases with encryption at rest enabled. Backups are also encrypted.
Authentication
Authentication is handled through Supabase Auth with GitHub OAuth. We use secure, HTTP-only session cookies. We never store your GitHub password. CLI authentication uses short-lived tokens that can be revoked at any time from the dashboard.
Access Controls
Schema data is strictly isolated per user and project. Row-level security (RLS) policies ensure that no user can access another user's data, even in the event of an application-level vulnerability. Supabase RLS is enforced on all database queries.
What We Store
SchemaLens stores only your schema metadata — DDL definitions such as table structures, functions, policies, triggers, and indexes. We never access, store, or transmit your actual database row data, credentials, or connection strings beyond the initial introspection performed locally by the CLI.
Infrastructure
- Web application — hosted on Vercel with serverless functions, automatic DDoS protection, and edge caching
- Database — managed PostgreSQL on Supabase with automated backups, point-in-time recovery, and network isolation
- CLI — runs locally on your machine; schema introspection happens locally and only the resulting metadata is sent to our servers
Incident Response
In the event of a security breach that affects your data, we commit to notifying affected users within 72 hours of confirmed discovery. We will provide details about the nature of the breach, affected data, and recommended actions.
Responsible Disclosure
If you discover a security vulnerability in SchemaLens, please report it responsibly to security@schemalens.dev. We appreciate your help in keeping SchemaLens secure and will acknowledge valid reports.
This policy is provided as a template and should be reviewed by qualified legal counsel for your jurisdiction.