Security
Dedication to security is one of the foundational principles of Supernova. We’ve designed the product and infrastructure to follow industry-leading standards in security and availability.
Best practices
At Supernova we appreciate the risks and sensitivity of data. Security is the top principle of our engineering team and we've designed Supernova to follow best practices from day one.
Secrets, such as credentials to your data sources, are doubly encrypted at rest using database encryption and an additional layer of encryption via Amazon KMS. They are only readable by a service that's inaccessible from the public internet.
Infrastructure
Supernova infrastructure runs on AWS, in US-based data centers.
Deployment is spread across three availability zones to ensure uptime. EC2 instances and databases exist within a private subnet unreachable from the outside internet.
Access to the private subnet is via a network load balancer in a public subnet. All connections within the subnets are encrypted with mTLS; all requests to the load balancer require TLS. Unencrypted connections are rejected.
Our infrastructure is deployed as code using Terraform. This enables us to cleanly separate encrypted secrets from the source code and to audit infrastructure changes as we would code changes.
SOC 2
Supernova is SOC 2 Type 2 certified. You can reach us at security@supernova.ai to request our most recent SOC 2 Type 2 report.
External audits and researchers
Supernova contracts with third-party security vendors for regular assessments and penetration tests.