AI Bytes Learning is built on infrastructure trusted by thousands of enterprises worldwide. Your staff data is protected at every layer — from authentication to storage to payments.
— Infrastructure Compliance
Vercel — SOC 2 Type II
Application hosting
Supabase — SOC 2 Type II
Database & authentication
Stripe — PCI DSS Level 1
Payment processing
UK GDPR Compliant
Data Protection Act 2018
Encryption at rest
All data stored in Supabase PostgreSQL is encrypted using AES-256. Backups are encrypted by default.
Encryption in transit
TLS 1.3 enforced on all connections. HTTPS is mandatory — no unencrypted traffic permitted.
Row-level security (RLS)
Database-enforced access control. Users can only ever read their own records — no application-layer bypass possible.
Data residency
Data stored in EU (West Europe) region. UK/EU organisations can request data residency confirmation.
OAuth 2.0 / Social login
Sign-in via Google and LinkedIn. No passwords stored on our servers — authentication delegated to trusted providers.
Multi-factor authentication
MFA available for all accounts via Supabase Auth. TOTP-based authenticator app support.
Organisation access control
Admins can manage which staff have access. Seats can be provisioned, suspended, or revoked at any time.
SSO / SAML (enterprise)
SAML 2.0 integration with Active Directory, Okta, and Azure AD available for enterprise licences.
Secure API architecture
All API routes are authenticated server-side. Admin routes require elevated privileges enforced at the database layer.
Input validation
All user inputs are validated and sanitised. SQL injection and XSS protections enforced throughout.
Content security policy
Strict CSP headers enforced by Vercel Edge Network on all responses.
Dependency management
Automated dependency scanning via GitHub Dependabot. Critical patches applied within 48 hours.
UK GDPR compliant
Full compliance with the UK General Data Protection Regulation and Data Protection Act 2018.
Data Processing Agreement
A signed DPA is available for enterprise customers on request. Supabase sub-processor DPA provided.
Data subject rights
Staff can request access, rectification, or deletion of their data at any time via our privacy team.
Breach notification
Confirmed breaches reported to the ICO within 72 hours. Affected organisations notified without undue delay.
These commitments apply to all customers including enterprise licence holders.
— Enterprise Procurement Checklist
Is a Data Processing Agreement (DPA) available?
Yes — available on request for enterprise licence holders. Contact our team.
Where is data stored geographically?
EU West (Ireland) region via Supabase. UK data residency available on request.
Do you support SSO / SAML with our identity provider?
Yes — SAML 2.0 integration with Azure AD, Okta, and Google Workspace available on enterprise plans.
What is your uptime SLA?
Platform targets 99.9% uptime. Vercel and Supabase each publish their own SLA and status pages.
Has a penetration test been conducted?
Scheduled for Q3 2026. Results shared under NDA with enterprise customers on request.
How are security vulnerabilities disclosed?
Responsible disclosure via security@aibyteslearning.com. Critical issues patched within 48 hours.
Is two-factor authentication available?
Yes — TOTP-based MFA available for all accounts. Can be enforced organisation-wide for enterprise licences.
Are sub-processors listed and DPA-covered?
Yes — key sub-processors include Supabase, Vercel, Stripe, and ElevenLabs. Full list and DPAs available on request.
Our team is happy to complete your organisation's security questionnaire, provide documentation, or arrange a technical call.
security@aibyteslearning.com