Security | Caliber Credentials Skip to content

Security

The records inside Caliber represent entire careers.

That demands more than a checkbox. Here is exactly how we protect your data — in plain language, no marketing fog.

01 Encryption

AES-256 at rest.

Documents in your vault are encrypted with AES-256 — the same standard trusted by banks, governments, and healthcare systems. Encrypted backups too. All traffic between your browser and our servers is TLS 1.3.

02 Access control

Scoped to your account.

Database access is gated by row-level security policies that pin every query to the authenticated user. Even if our application code had a bug, the database would still refuse to return another user's records. Only authenticated account holders can read their own vault.

03 Infrastructure

Hardened by default.

Caliber runs on Supabase and Vercel. Secrets are isolated by environment. Backups are encrypted at rest. Smart extraction (Pro) runs in isolated short-lived processes and the results are not retained for training.

04 Your data, your rules.

Export anytime. Delete anytime.

Strong password requirements, session rotation, and account-level audit logging. You can review every login and every document access from your settings. Full data export is available anytime. Delete your account and every byte is permanently removed.

FAQ

Security questions, answered.

How are my documents stored?

Documents are encrypted with AES-256 at rest. Database queries are scoped to your authenticated session via row-level security, so your records can only be returned to your account. Backups are encrypted using the same standard.

What happens if I forget my password?

You can reset your password from the login screen — we'll email you a reset link. Resetting does not affect the documents in your vault.

Does Caliber store patient data?

No. Caliber is built for individual medical professionals storing their own credentials — not patient data. For organization or PHI-related use cases, reach out to hello@calibercred.com.

Do you use my documents to train AI models?

No. Smart extraction (Pro) processes a document only when you explicitly request it, uses the result solely to populate your credential fields, and is not retained or used for training. We do not sell or share your data.

How do I report a security issue?

Email security@calibercred.com with details. We read every report and respond within one business day. Responsible disclosure is appreciated and acknowledged.

Responsible Disclosure

Found a security issue?

Email security@calibercred.com with details. We respond within one business day and credit every report.

Built for the ones who actually do the work.

Create your free profile

No credit card. No sales call. No 47-page form.