Security overview

Security Practices.

The Archive.ai is built around authenticated access, user-scoped document records, managed infrastructure, and conservative handling of uploaded document content.

Security contact

support@thearchiveai.xyz

Include the affected account, impact, reproduction steps, and whether you accessed any data that was not yours.

Authentication

Accounts use Supabase authentication with email/password and OAuth providers. API routes require an authenticated user before returning or mutating account data.

User-scoped data

Document records are tied to user IDs, and document API reads filter data by the authenticated account. Stored files use generated paths instead of user-provided filenames.

Transport and storage

The production app is designed for HTTPS transport. Database, object storage, secrets, and payment data rely on managed infrastructure controls from Supabase, Vercel, Stripe, and related providers.

Document processing

Uploaded files are parsed into text, split into searchable chunks, and processed for embeddings and answers. The app sends the minimum document context needed for the requested AI workflow.

Operational controls

Server-only keys stay out of the browser, Stripe webhooks are verified, upload size and rate limits are enforced, and billing state is checked before plan-limited operations.

Compliance posture

We do not advertise third-party certifications such as SOC 2 or HIPAA unless they are formally completed. Regulated teams should contact us for a security review before uploading sensitive workloads.

Responsible disclosure

Please do not access, modify, delete, or share data that does not belong to you. Report suspected vulnerabilities with enough detail for us to reproduce and verify the issue.