Security & Privacy.
“No ad scripts. No tracking pixels. No third-party data brokers. Your activity on Folio is yours.”
Authentication
User authentication is handled by Clerk, an enterprise-grade auth provider. Passwords are never stored by Folio. All sessions use short-lived JWTs with automatic rotation.
Data Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database connections use SSL. API keys are stored as environment variables, never in code.
Infrastructure
Folio runs on Vercel (edge network) and Supabase (PostgreSQL on AWS). Both providers maintain SOC 2 Type II certification. We use Cloudflare for DDoS protection.
Vulnerability Disclosure
Found a security issue? Email security@folio.estate. We take all reports seriously and will respond within 48 hours. We do not pursue legal action against good-faith security researchers.
No Advertising Infrastructure
Folio runs no advertising network integrations. No third-party ad scripts, no tracking pixels, no behavioral profiling. What you do on Folio stays on Folio.