Skip to main content

Your data, protected

Security at Scholium

Your study materials are private and valuable. We take security seriously with industry-standard encryption, access controls, and responsible AI practices.

Infrastructure Security

Enterprise-grade infrastructure from trusted providers.

Hosting

Deployed on Vercel's edge network with automatic DDoS protection and global CDN.

Database

Supabase (PostgreSQL) with encrypted connections, regular backups, and point-in-time recovery.

Storage

Files stored in Supabase Storage with server-side encryption at rest.

CDN

Static assets served via Vercel Edge Network with HTTPS enforced globally.

Data Protection

Your study materials are encrypted and private.

Encryption in Transit

All connections use TLS 1.3 encryption. HTTPS is enforced site-wide.

Encryption at Rest

Database and file storage are encrypted using AES-256 encryption.

No AI Training

Your data is never used to train AI models. We use zero-retention API policies.

Data Portability

Export all your data at any time. You own your study materials.

Authentication & Access

Modern authentication with defense in depth.

OAuth 2.0 + PKCE

Secure authentication with Google, Apple, and email magic links.

Session Management

Secure, httpOnly cookies with automatic expiration and refresh.

Row-Level Security

PostgreSQL RLS ensures users can only access their own data.

API Authentication

Scoped API keys with rate limiting for developer integrations.

Third-Party AI Processing

How we handle data when using AI features.

OpenAI API

We use OpenAI for AI features. Data is processed but not stored or used for training.

Zero Retention

API requests are configured with zero data retention policies where available.

Minimal Data

We send only the minimum context needed for each AI operation.

Transparent Processing

You can see exactly when AI features are being used in the interface.

Responsible Disclosure

Found a security vulnerability? We appreciate your help in keeping Scholium secure. Please report issues responsibly.

Report vulnerabilities to:
security@scholium.app

Please include detailed steps to reproduce the issue. We'll respond within 48 hours.