Last updated: 28 June 2026
Security
Security is foundational to IntellyPilot. This page summarises the controls we have in place to protect your data, credentials, and integrations.
Infrastructure
- Hosted on Vercel; database on Neon (EU region). Both providers are ISO 27001 and SOC 2 certified.
- All traffic served over HTTPS with TLS 1.2+.
- Data at rest is encrypted using provider-managed AES-256.
Credentials and integrations
- Third-party OAuth tokens and API keys are encrypted in the database using AES-256-GCM with a key held outside the database.
- Passwords are managed by Clerk; we never see or store plaintext passwords.
- Payment details are tokenised by Stripe; card numbers never touch our servers.
Access control
- Role-based access within each organisation (owner, admin, member).
- Single sign-on and two-factor authentication via Clerk.
- Internal access to production systems is restricted, logged, and audited.
Monitoring
- Application errors and performance are monitored via Sentry.
- Anomalies in authentication, billing, and rate-limited APIs are alerted on.
Incident response
We investigate suspected security incidents promptly and notify affected customers within 72 hours of confirming a personal-data breach, as required by the GDPR.
Reporting a vulnerability
Please email info@intellypilot.com with details of any vulnerability you discover. We acknowledge reports within 2 business days and will not pursue legal action against good-faith researchers who follow responsible disclosure.
Contact
Mondivio · Rotterdam · NL
info@intellypilot.com · +31 6 18 65 87 71