LEX|OCULUS

Security Policy

Effective Date: February 19, 2026

1. Data Encryption

  • At Rest: All data stored in our databases is encrypted using AES-256.
  • In Transit: All communications are secured with TLS 1.2 or higher.

2. Access Control

  • OAuth Tokens: Your GitHub access tokens are encrypted with AES-256 before storage and decrypted only at the moment of use.
  • Row-Level Security: Database policies ensure strict user isolation. Users cannot access each other's scans or reports.
  • Principle of Least Privilege: Internal systems access only the data necessary for their function.

3. Infrastructure

Our infrastructure is hosted on enterprise-grade cloud platforms (e.g., Vercel, Supabase) that maintain SOC 2 Type II and ISO 27001 certifications.

4. Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to: founder@lexoculus.com. We commit to:

  • Acknowledging receipt within 48 hours.
  • Providing an initial assessment within 7 business days.
  • Resolving critical vulnerabilities promptly.

We do not currently offer a formal bug bounty program.