Last updated: 28 June 2026

Security

Security is foundational to IntellyPilot. This page summarises the controls we have in place to protect your data, credentials, and integrations.

Infrastructure

• Hosted on Vercel; database on Neon (EU region). Both providers are ISO 27001 and SOC 2 certified.
• All traffic served over HTTPS with TLS 1.2+.
• Data at rest is encrypted using provider-managed AES-256.

Credentials and integrations

• Third-party OAuth tokens and API keys are encrypted in the database using AES-256-GCM with a key held outside the database.
• Passwords are managed by Clerk; we never see or store plaintext passwords.
• Payment details are tokenised by Stripe; card numbers never touch our servers.

Access control

• Role-based access within each organisation (owner, admin, member).
• Single sign-on and two-factor authentication via Clerk.
• Internal access to production systems is restricted, logged, and audited.

Monitoring

• Application errors and performance are monitored via Sentry.
• Anomalies in authentication, billing, and rate-limited APIs are alerted on.

Incident response

We investigate suspected security incidents promptly and notify affected customers within 72 hours of confirming a personal-data breach, as required by the GDPR.

Reporting a vulnerability

Please email info@intellypilot.com with details of any vulnerability you discover. We acknowledge reports within 2 business days and will not pursue legal action against good-faith researchers who follow responsible disclosure.

Contact

Mondivio · Rotterdam · NL
info@intellypilot.com · +31 6 18 65 87 71