Sayso Security

Sayso protects your data, your conversations, and your account access at every level. Security is built into how the product works, not added afterward.

1. Infrastructure & Encryption

Sayso runs on secure, managed infrastructure designed for reliability and protection.

  • Hosted on Heroku (US region)
  • Database powered by Supabase (PostgreSQL)
  • HTTPS enforced across the platform
  • TLS 1.2+ for all connections
  • Data encrypted in transit and at rest

Your data is protected both while being sent and while stored.

2. Authentication & Access

Access is tightly controlled across the system so only the right users can see the right data.

  • Secure login with Supabase (JWT-based)
  • Short-lived session tokens
  • Two-factor authentication (2FA) supported
  • Server-side validation on every request
  • Role-based access controls
  • Database-level protection (Row Level Security)

This ensures each account is isolated and protected.

3. Application Security

We actively protect against common vulnerabilities and attacks.

  • Strict security headers (CSP, HSTS, X-Frame-Options)
  • Protection against cross-site scripting (XSS)
  • Secure API validation and routing
  • Electron app protections:
    • Context isolation enabled
    • Node integration disabled
    • Controlled microphone permissions

These safeguards reduce risk across both web and desktop environments.

4. Call Data

Sayso processes conversations in real time to provide guidance during calls.

We may store:

  • Transcripts
  • Conversation signals
  • Notes

This data is encrypted and access-controlled at all times. Call recordings are never stored. We only store what is necessary to support the product and improve performance.

5. Payments

All payments are handled through Stripe, a trusted and secure payment provider.

  • Stripe is PCI-compliant
  • All transactions are encrypted
  • Your billing information is never stored inside Sayso

6. Monitoring & Backups

We continuously monitor systems and maintain backups to keep data safe and available.

  • Application and infrastructure logging
  • Alerts for unusual activity
  • Database backups

These systems help us detect issues early and recover quickly if needed.

7. Incident Response

If a security issue occurs, we follow a clear process to resolve it quickly.

  • Detect and contain the issue
  • Fix the root cause
  • Restore systems
  • Review and improve

If users are impacted, we will notify them within 48 hours.

Questions?

If you have any questions about security, contact: support@asksayso.com