Security at Alchemyst
We treat the security of your research data as a first-order concern. Here is how we protect it.
Encryption in transit and at rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. Your research data and uploaded documents are protected end-to-end.
Tenant isolation
Each organisation's data is stored in a logically isolated environment. There is no cross-tenant data access or sharing under any circumstances.
GDPR compliance
Alchemyst is designed to support GDPR compliance for European users. A Data Processing Agreement (DPA) is available on Professional and Enterprise plans.
Document isolation
Files you upload for Paper Analysis or Company Documents are processed in isolated environments. Your proprietary formulations never leave your tenant's data store.
Access controls
Role-based access with Supabase Auth. Session tokens are short-lived. Enterprise clients can configure SSO and custom access policies.
Data Processing Agreement
A formal DPA is available to all Professional and Enterprise clients as standard. Contact us at contact@alchemyst.one to request your DPA.
Infrastructure and subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU / US |
| Google Analytics | Anonymised website analytics | US |
| Microsoft Clarity | Anonymised session analytics | US |
| Stripe | Payment processing (no card data stored by Alchemyst) | US / EU |
To request a Data Processing Agreement, report a security concern, or ask questions about our security practices, contact us at contact@alchemyst.one.