Security

Architecture

REI Sales Coach is built on a security-first architecture:

  • No audio storage. Audio is streamed for transcription and immediately discarded. Only text transcripts are retained.
  • Multi-tenant isolation. Every database query is scoped by organization ID via Row Level Security (RLS). One team cannot see another team's data.
  • Encrypted in transit. All connections use TLS/SSL. WebSocket connections to the coaching gateway use WSS (encrypted).
  • Encrypted at rest. The database is hosted on Supabase with AES-256 encryption at rest.

Authentication

User authentication is handled by Supabase Auth with support for email/password and Google OAuth. Session tokens are stored in secure, HTTP-only cookies. The Chrome extension uses short-lived tokens that expire within 24 hours.

Infrastructure

  • Application hosting: Fly.io (gateway) and Vercel (dashboard), both with automatic TLS
  • Database: Supabase (managed PostgreSQL with pgvector)
  • Secrets management: All API keys and credentials stored as encrypted environment variables, never in source code

Data Access

Access to production systems is restricted. Customer data is only accessed for debugging with explicit customer permission. We do not sell, share, or use your data for training AI models.

Compliance

Teams can configure consent policies (one-party, rep-announces, or rep-reads-disclaimer) to comply with their jurisdiction's call recording laws. Transcript retention is configurable per team (default: 30 days).

Reporting Vulnerabilities

If you discover a security vulnerability, please report it to security@reisalescoach.ai. We take all reports seriously and will respond within 48 hours.