Security

Explore how I ensure data security and regulatory compliance on my website


At Luan Nguyen Design, ensuring the security and protection of your data is paramount. I prioritize the implementation of industry-leading security measures to safeguard your information. Below is an overview of my approach to security:

Hosting and Infrastructure

I utilize Vercel for secure hosting and infrastructure. For more details, refer to the Vercel Security page.

My infrastructure is hosted on Vercel's Frontend Cloud, using its serverless platform so that deployments inherit Vercel's security standards.

Certificates and Compliance

Vercel adheres to several industry standards and certifications, including:

  • ISO 27001: Information security management
  • SOC 2: Operational and security controls
  • PCI DSS: Payment card data protection
  • HIPAA: Healthcare data protection
  • GDPR: Data privacy across Europe
  • DPF: Data Privacy Framework

DDoS protection

Vercel provides scalable application security and DDoS mitigation through multiple layers of protection:

  • L3/L4 DDoS protection: Global protection at every edge location
  • Global L7 Firewall: Enterprise DDoS support and automatic mitigation for all plans
  • Custom rule management: Powerful rules engine to create and enforce custom rules
  • Attack challenge mode: Verification challenges for visitors during attacks
  • Web application firewall: Integrated next-level security

Observability and Management

  • Real-time monitoring: Visibility into key metrics and production deployments
  • Managed rulesets: Protect against top priority risks, including OWASP Top 10
  • Rate limiting: Control the frequency of requests (Beta)
  • Instant rollback: Quickly revert firewall rules
  • Instant propagation: Changes seen globally within 300ms

Redundancy and High availability

  • Automatic failover: Traffic routed to nearest region during incidents
  • Multi-layered redundancy: Static assets replicated across Vercel Edge Network
  • Anycast routing: Ensures lowest latency

Workspace security

  • Role-based access control: Assign roles to manage permissions
  • Deployment protection: Secure preview and production URLs
  • Audit logs: Track team activity (Enterprise)
  • Directory sync: Manage memberships from third-party identity providers (Enterprise)
  • Code owners: Ensure proper code review and context

Supabase Security

SOC 2 compliance

Supabase is SOC 2 Type 2 compliant, an important security policy when handling sensitive customer data. Enterprise and Team customers can access the SOC 2 report on the dashboard.

HIPAA compliance

Supabase is HIPAA compliant, allowing the storage of Protected Health Information (PHI) on the hosted platform once a Business Associate Agreement (BAA) is signed and HIPAA obligations are fulfilled under the shared responsibility model. Enterprise and Team customers can request to sign the BAA on the dashboard.

Data encryption

All customer data on Supabase is encrypted at rest with AES-256 and in transit via TLS. Sensitive information such as access tokens and keys is additionally encrypted at the application level before it is stored in the database.

Role-based access control

Members of organizations in Supabase can be granted access to specific resources with fine-grained access controls, including Read-Only and Billing-Only access.

Backups

All paid customer databases are backed up daily. Point-in-Time Recovery, available as an add-on for Pro Plan customers, allows restoring the database to any point in time.

Payment processing

Supabase uses Stripe to process payments and does not store personal credit card information. Stripe is a certified PCI Service Provider Level 1, the highest level of certification in the payments industry.

Vulnerability management

Supabase conducts regular penetration tests with industry experts and uses tools like GitHub, Vanta, and Snyk to scan code for vulnerabilities.

DDoS protection

Supabase combats Distributed Denial of Service attacks through multiple measures, including CDN-level protection via Cloudflare and fail2ban to prevent brute force logins. Users can customize rate limits for critical API routes and set spend caps to prevent surprise bills.

Data encryption

All data transmitted between your browser and my servers is encrypted using SSL/TLS. I employ encryption-at-rest to ensure stored data remains secure.

Access control

Access to your data is restricted to authorized personnel only. Multi-factor authentication (MFA) is enforced for accessing sensitive systems.

Compliance and Certifications

I adhere to rigorous industry standards and regulations, leveraging Vercel's robust compliance framework. Vercel adheres to ISO 27001 for information security management, SOC 2 for operational and security controls, PCI DSS for payment card data protection, HIPAA for healthcare data protection, and GDPR and DPA for data privacy across Europe. These certifications ensure that my infrastructure meets the highest standards of security, privacy, and regulatory compliance.

Third-Party services

I utilize trusted third-party services such as Vercel and Supabase to enhance security measures. For more details, refer to the Vercel Security and Supabase Security pages.

Reporting security vulnerabilities

I encourage responsible disclosure of security vulnerabilities. Please report any security concerns to hello@luannguyen.design.

Updates and Monitoring

Regular security audits and monitoring are conducted to detect and mitigate threats. Updates and patches are applied promptly to maintain the security of my systems.

Contact me

For more information about my security practices or to report any security issues, please contact me at hello@luannguyen.design.

Disclaimer

Luan Nguyen Design reserves the right to update and modify the information on this page as necessary to reflect current security practices and measures.