Supatool - Trust Center
Compliance and Security Portal for Supatool.
Security Commitment
Supatool is purpose built to build forms, take payments, and collect signatures.
We hold ourselves to a commitment to quality. To us, security is an essential part of that quality - not a layer that we add later, but something we build in from the start.
The content available here details how we address security within our product, our supporting technology, and our operational practices.
Framework overview
25Policies
13Controls
6Subprocessors & Vendors
3Resources
FAQ
All private data exchanged with Supatool is always encrypted. We require the use of HTTPS or SSH to access Supatool.
Transmission via SSL/TLS requires a minimum 2048 bit RSA or 256 bit elliptic curve keys. Supatool uses TLSv1.2 and above to encrypt data during transit.
Supatool requires all customers choose the region where their most valuable asset, their data, is stored.
Supatool operates isolated regions in the US, Canada, UK, Europe, and Australia. If you need your data stored in another region this is available for Enterprise customers, please contact sales@supatool.io for more information.
At Supatool, we care deeply about the safety and security of our customer’s data. This is why we greatly value any inputs from our community that can help us detect vulnerabilities in our product.
If you have discovered an issue that is not part of our out-of-scope vulnerabilities, please send an email to security@supatool.dev with the following details:
- A summary of the issue and potential impact
- A breakdown of the steps to replicate the issue
- Details of the environment you are using
- If available, any proof-of-concept code to exploit the vulnerability
- Upon receiving your email, our team will start investigating the issue. We will keep you updated on the progress and may reach back for further details if needed. Once the issue is resolved we will update our customers.
Learn more at https://supatool.io/security/vulnerability