Security
Security you can count on
Your congregation's data deserves enterprise-grade protection. Here's exactly how we protect it at every layer — no vague promises, just specifics.
AES-256-GCM: Credential encryption
HTTPS / TLS 1.2+: All connections
Row Level Security: Database-enforced
Invite-only access: No self-registration
Origin validation: Per-domain allow-list
How we protect your church
Every layer of the stack — from credentials to the database to your website.
Credential encryption
AES-256-GCM
CHMS API keys, OAuth secrets, and tokens are encrypted at rest using AES-256-GCM before storage. We never log or expose credentials in plain text at any layer of the stack.
Encryption happens server-side before any credential touches the database. Decryption only occurs in-memory at request time.
Access control
Row Level Security
Data is scoped by church at the database level using PostgreSQL Row Level Security. Users can only access data for their own church — enforced in the database itself, not just application code.
Team access is invite-only. No self-registration. Role-based permissions control who can see or manage what within your church.
Origin validation
Per-domain
Every widget API request is validated against a list of domains you explicitly approve. Requests from any unapproved domain receive no data and no CORS headers.
Your congregation's data only flows to websites you control. There is no way to embed Firesky features on an unauthorized domain.
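The per-domain check described above, sketched as an added example (not Firesky's own code). The church ID, the domains, the function names, and the 403 status are assumptions made for illustration; the page only states that unapproved origins receive no data and no CORS headers.

```javascript
// Constructed sample data: approved origins per church (hypothetical values).
const APPROVED = new Map([
  ["church-123", new Set([
    "https://www.example-church.org",
    "https://example-church.org",
  ])],
]);

// Reduce an Origin header to scheme://host[:port], or null if it is unusable.
function normalizeOrigin(header) {
  // Sandboxed frames and some redirects send the literal string "null".
  if (typeof header !== "string" || header === "" || header === "null") return null;
  let url;
  try {
    url = new URL(header);
  } catch {
    return null; // not a parseable URL
  }
  if (url.protocol !== "https:") return null; // plain http is never approved
  // A real Origin header has no credentials, path, query, or fragment.
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== "/") return null;
  return url.origin; // scheme and host lowercased, default port dropped
}

// Decide what a widget API response looks like for this church and Origin.
function evaluateWidgetRequest(churchId, originHeader) {
  const origin = normalizeOrigin(originHeader);
  const allowed = APPROVED.get(churchId);
  // Exact set membership: no substring, prefix, or suffix matching.
  if (!origin || !allowed || !allowed.has(origin)) {
    // Unapproved: no data and no CORS headers (status code is an assumption).
    return { status: 403, headers: {}, body: null };
  }
  return {
    status: 200,
    headers: {
      // Echo the single approved origin, never a wildcard.
      "Access-Control-Allow-Origin": origin,
      // Keep shared caches from serving this response to another origin.
      "Vary": "Origin",
    },
    body: { ok: true },
  };
}
```

Comparing the normalized origin for exact equality is what keeps lookalike hosts, which merely contain or end with an approved domain, from passing the check.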
Infrastructure
Supabase + Vercel
Firesky is built on Supabase (managed PostgreSQL) and Vercel (edge CDN). Data is encrypted at rest and in transit. All connections use HTTPS/TLS 1.2+.
We don't operate our own database servers or CDN infrastructure. We build on proven, audited platforms so we focus on your experience — not ops.
Full data deletion
Permanent
Churches can permanently delete all their data at any time from Settings. We delete everything: church profile, credentials, domains, tools, invites, and support tickets.
No soft deletes, no backups retained, no data held 'just in case.' When you delete, it's gone.
Built on infrastructure you can trust
We don't build our own database servers or CDN. Firesky runs on Supabase and Vercel — two of the most trusted platforms in the industry, used by thousands of companies worldwide.
Supabase
Managed PostgreSQL with built-in Row Level Security, encrypted at rest, automated backups.
Vercel
Global edge network, DDoS protection, automatic HTTPS, serverless functions.
HTTPS everywhere
TLS 1.2+ on all connections. No plain-text data transmission at any point.
Responsible disclosure
If you believe you've found a security vulnerability in Firesky, please let us know right away. We'll investigate and respond promptly, and we appreciate responsible disclosure.
info@thefiresky.com