Log in

Menu

PricingDocsCLIMCPIntegrationsChangelogLog in
Security & trust

Your plan is your work. Here's exactly how we protect it.

No marketing security theatre — just the actual controls we run today, the third parties involved, and the promises that are easy to verify.

Data

Where your work lives.

StorageSupabase Postgres. Every row is owned by your account and isolated by row-level security policies enforced at the database — not at the application layer.
Encryption at restAES-256, managed by Supabase. Encryption keys are not accessible to the application or to Hilla.
Encryption in transitTLS 1.2+ on every connection. HTTP is redirected to HTTPS at the edge.
BackupsDaily snapshots by Supabase with point-in-time recovery. Retention follows the Supabase plan we run on.
IsolationProject data is gated by RLS keyed on the owner's user_id. A request without a valid Supabase JWT returns zero rows — not a filtered subset.

AI

Who sees your prompts.

ProvidersWe route AI through OpenRouter and Anthropic. We don't run our own model. The active providers and model identities are intentionally not exposed inside the product so we can swap them without breaking your workflow.
Retention at the providersZero data retention is configured at the provider level wherever offered. OpenRouter requests use providers with no-log mode. Anthropic's standard policy keeps prompts for abuse review only, deleted within 30 days, and never used for training.
What gets sentOnly the content of the chat turn or plan request — the project board, the user's message, and the relevant context window. We don't send account metadata, billing details, or other users' data.
TrainingWe never train on customer data. None of our AI providers train on Hilla customer data under our contracts. Period.
Prompt loggingWe store a short-lived record of each AI call for billing reconciliation and crash debugging. Drops after 30 days. Available on request, deletable on request.

Auth

How we identify you.

MethodsEmail + password, Google OAuth, and magic-link sign-in via Supabase Auth.
Session storageHTTP-only cookies. Sessions auto-refresh in the background. Server-side route protection runs at the middleware layer before any page renders.
Password storageHashed with Argon2 by Supabase. Hilla never sees a plaintext password — not at sign-up, not at sign-in, not at password reset.
MFANot yet exposed in the product. Available at the Supabase layer and will surface in account settings before public launch.

Sharing

Public boards and invites.

Share linksView-only and edit-link variants. Both are gated by an unguessable token that can be revoked from the share modal at any time.
CollaboratorsInvited by email. Only the owner can revoke. Permissions are checked server-side on every mutation — not client-side guesses.
Public discoveryNothing in your account is indexed or discoverable unless you generate a share link. Share tokens are not enumerable.

Integrations

Connecting outside services.

OAuth tokensStored in the project_integrations table, encrypted at rest, scoped to the connecting user. Revoking the integration deletes the token immediately.
Widget dataLive data from Vercel, GitHub, Sentry, PostHog, Stripe, Supabase, etc. is fetched server-side using your stored token. Hilla doesn't proxy your raw API responses through any third party.
MCP serverPer-user MCP tokens are scoped to your account. Every MCP tool call is rate-limited and audit-logged.

What we don't do

Promises easier to verify than "trust us."

We don't sell your data.Not now, not after a fundraise, not on exit. If that ever changes, the change ships before it takes effect, with a 30-day notice and an export tool.
We don't train on your data.Not for our own models. Not for any third-party model. Not even with consent — it's not a feature we want to offer.
We don't share with advertisers.There are none. The business model is credit-based usage, not data resale.
We don't proxy unrelated traffic through your account.Every AI call, every widget fetch, every database read happens under your own identity. We do not run shared resources where one user's prompt can be returned to another user's session.

Honest disclosures

  • Hilla is in public beta. Some of the controls above are mature (RLS, encryption, auth); others (MFA, SOC 2, formal audit trails) are on the roadmap and not yet shipped.
  • We're a small team. We don't have a security@ inbox staffed 24/7. We do have a security@ inbox staffed by the founders. For anything time-sensitive, that's the right address.
  • If you find something that looks like a vulnerability, please report it privately first — security@hilla.ai — before going public. We'll respond within 48 hours.