Security

Last updated: April 19, 2026

Builder of Builders is a trust-based community platform. Security — of our infrastructure, our members' data, and the integrity of our invite-only model — is core to everything we build.

1. Our Approach

We take a layered security approach. No single layer is expected to be perfect; multiple layers combine to resist failures and attacks while keeping the platform usable for the community.

2. Infrastructure

• Application hosting: Vercel (SOC 2 Type II certified)
• Database and authentication: Supabase (SOC 2 Type II certified)
• File storage: encrypted object storage via our infrastructure providers
• DNS and short links: managed through enterprise DNS providers with DNSSEC support

3. Data Protection

3.1 Encryption

• In transit: TLS 1.2+ on all connections
• At rest: AES-256 encryption for databases and storage

3.2 Data Isolation

Member data is isolated using row-level security (RLS) policies enforced at the database layer. Each member's private data is scoped to their account; public data (public profiles, ventures, signals) is exposed only where explicitly configured.

3.3 Backups

• Automated daily database backups
• Point-in-time recovery available
• Backups encrypted at rest

4. Authentication and Access

• Passwords are hashed using industry-standard algorithms (bcrypt)
• Authentication sessions use secure, HTTP-only cookies
• OAuth-based sign-in uses PKCE to prevent authorization code interception
• Rate limiting on authentication endpoints prevents brute force attempts

5. Invitation Integrity

The invite-only nature of Builder of Builders is a security feature. We protect it through:

• Unique, signed invitation tokens that expire after acceptance or timeout
• Invite attribution — every accepted invite is linked to the inviter for audit
• Abuse detection on invitation patterns
• Ability to revoke invitations at any time before acceptance

6. Application Security

• Code reviewed before deployment
• Automated testing including Playwright end-to-end tests
• Dependency vulnerability scanning
• Secret scanning prevents accidental credential exposure

7. Monitoring and Incident Response

• Continuous monitoring for errors, anomalies, and security events
• Event logging for key application and security actions
• Documented incident response procedures
• Member notification in the event of a material security incident

8. Privacy

For how we handle personal data, see our Privacy Policy.

9. Responsible Disclosure

If you discover a security vulnerability in Builder of Builders:

• Email: security@builderofbuilders.com
• Provide sufficient detail to reproduce the issue
• Give us reasonable time to respond before public disclosure
• Do not access or modify other members' data

We welcome good-faith security research and will acknowledge reports promptly.

10. Member Responsibilities

As a member, you also play a role in security. We ask that you:

• Use a strong, unique password (or OAuth sign-in)
• Do not share your account credentials
• Report suspicious behavior from other members to support@builderofbuilders.com
• Keep your profile and contact information accurate

11. Contact

• Security issues: security@builderofbuilders.com
• Privacy inquiries: privacy@builderofbuilders.com
• General questions: support@builderofbuilders.com
• Website: builderofbuilders.com