Security at BESTcyberIQ

How we protect your data.

Our commitment to your data

BESTcyberIQ is a cybersecurity product — we hold ourselves to the same standards we help our customers achieve. Your assessment data is sensitive. It contains information about your organization's security gaps, control weaknesses, and risk posture. We treat it accordingly.

How your data is protected

  • Encryption at rest

    All data stored in Supabase (PostgreSQL on AWS) is encrypted at rest using AES-256.

  • Encryption in transit

    All data transmitted between your browser and our servers uses TLS 1.2 or higher. We enforce HTTPS across all endpoints.

  • Row Level Security

    Every database table is protected by Supabase Row Level Security (RLS) policies. Your data is isolated at the database layer: the policies ensure you can only access your own assessments and responses, even if you share a database with other users.
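    As an added illustration of how this isolation works (example SQL written for this page, not BESTcyberIQ's own schema or policies), the following defines two assumed tables, assessments and responses, enables RLS on them, and attaches policies that compare each row's owner with auth.uid(), the Supabase helper that returns the caller's user id from the JWT on the request. The final transaction shows how to check the policies from the SQL editor by impersonating two users; the UUIDs are constructed placeholders.

```sql
-- Added example, not the BESTcyberIQ schema. Table and column names are
-- assumed. auth.uid() is the Supabase helper that reads the "sub" claim
-- (the caller's user id) from the request's JWT.

create table assessments (
  id         uuid primary key default gen_random_uuid(),
  -- A production schema would add "references auth.users (id)"; it is
  -- left out here so the placeholder user ids in the check below insert.
  user_id    uuid not null default auth.uid(),
  title      text not null,
  created_at timestamptz not null default now()
);

create table responses (
  id            uuid primary key default gen_random_uuid(),
  assessment_id uuid not null references assessments (id) on delete cascade,
  question_key  text not null,
  answer        jsonb not null
);

-- Without ENABLE, every policy below is ignored and any authenticated
-- user can read the whole table. FORCE applies the policies to the table
-- owner as well.
alter table assessments enable row level security;
alter table assessments force row level security;
alter table responses   enable row level security;
alter table responses   force row level security;

-- Each user sees and changes only rows whose user_id matches their JWT.
-- USING filters rows that already exist; WITH CHECK validates inserted or
-- updated rows, so a user cannot write a row owned by someone else.
-- Roles with no matching policy (for example anon) get no rows at all.
create policy "own assessments: select" on assessments
  for select to authenticated
  using (user_id = auth.uid());

create policy "own assessments: insert" on assessments
  for insert to authenticated
  with check (user_id = auth.uid());

create policy "own assessments: update" on assessments
  for update to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

create policy "own assessments: delete" on assessments
  for delete to authenticated
  using (user_id = auth.uid());

-- Responses carry no user_id of their own; ownership is derived from the
-- parent assessment so the two tables cannot drift apart.
create policy "own responses: all" on responses
  for all to authenticated
  using (
    exists (select 1 from assessments a
            where a.id = responses.assessment_id and a.user_id = auth.uid())
  )
  with check (
    exists (select 1 from assessments a
            where a.id = responses.assessment_id and a.user_id = auth.uid())
  );

-- Verification from the SQL editor: impersonate two users by setting the
-- claims that auth.uid() reads. Both UUIDs are constructed placeholders.
begin;
  set local role authenticated;
  set local request.jwt.claims to
    '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}';
  insert into assessments (title) values ('Q1 self-assessment'); -- user_id defaults to auth.uid()
  select count(*) from assessments;                              -- count = 1 (the row just inserted)

  set local request.jwt.claims to
    '{"sub":"22222222-2222-2222-2222-222222222222","role":"authenticated"}';
  select count(*) from assessments;                              -- count = 0: user 2 cannot see user 1's row
  update assessments set title = 'tampered';                     -- UPDATE 0: nothing visible to change
rollback;
```

Two caveats a reviewer would check in any deployment of this pattern: the Supabase service_role key bypasses RLS entirely, so server-side code should hold that key only where it is genuinely needed and forward the user's own JWT to the database for ordinary requests; and an RLS policy is only as strong as the claim it compares against, so the JWT signing secret and token expiry on the auth side are part of the same control.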

  • Authentication

    User authentication is handled by Supabase Auth, which issues industry-standard JSON Web Tokens (JWTs) for sessions. Passwords are never stored in plaintext.

  • Payment security

    All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. BESTcyberIQ never stores, transmits, or has access to your credit card information.

  • Source map protection

    Production JavaScript bundles do not include source maps. Scoring logic and recommendation algorithms run server-side and are never exposed to the browser.

  • API security

    All API routes require a valid, authenticated Bearer token. Critical routes are rate-limited to prevent abuse.

  • Error monitoring

    Production errors are monitored via Sentry to ensure issues are identified and resolved quickly.

Infrastructure and providers

BESTcyberIQ is built on a stack of trusted, security-focused infrastructure providers:

Provider   Purpose
Supabase   Database, authentication, Row Level Security
Vercel     Hosting, edge network, DDoS protection
Stripe     Payment processing (PCI DSS Level 1)
Resend     Transactional email delivery
Railway    PDF generation microservice
Sentry     Error monitoring and alerting

What we do — and don't do — with your data

We DO

  • Use your data to provide the BESTcyberIQ service
  • Store your assessment history for trend tracking
  • Send transactional emails (assessment summaries, account notifications)
  • Process payments securely via Stripe
  • Delete your data within 30 days of account deletion request

We DON'T

  • Sell your data to third parties
  • Share your assessment results with advertisers
  • Use your data to train AI models
  • Store your credit card information
  • Share your data with cyber insurers or brokers without your explicit consent

Found a security issue?

We take security reports seriously. If you discover a vulnerability in BESTcyberIQ, please contact us at william@bestcyberiq.com with a description of the issue. We will respond within 2 business days and work to address confirmed vulnerabilities promptly.

We ask that you do not publicly disclose any vulnerability until we have had a reasonable opportunity to investigate and remediate it.
