Last reviewed 2026-05-10

Trust & security

Your geospatial data, protected by default.

Cadastral records, infrastructure networks, customer locations. Here is exactly how GeoPilot protects them, with no marketing fog.

OAuth + 2FA via IdP · Postgres RLS · AES-256 · Revocable shares · Audit log

How we protect your data

Defense in depth, by default.

Six controls that ship for every customer on every tier. Not toggles, not upsells.

OAuth sign-in, 2FA delegated

Sign in with Google or GitHub. No passwords stored, no password database to leak. Two-factor enforcement is delegated to your identity provider and honored through the OAuth flow.

Tenant isolation in Postgres

Projects, members, audit rows, and connections are all gated by row-level security. A bug in app code cannot cross the tenant boundary.

org_id · user_email · project_id

AES-256-GCM for credentials

When you connect your own Postgres or PostGIS, the password is encrypted before it ever reaches our database. Per-row IV, authenticated tag, versioned ciphertext.

v1:base64(iv||ct||tag)

Encryption + hardened transport

TLS 1.2+ everywhere, with HSTS preload-eligible. AES-256 at rest. Strict referrer policy, MIME sniffing blocked, framing denied by default.

TLS 1.2+ · HSTS · AES-256 · no-sniff · frame-deny

Share links expire by default

Every public dashboard URL is a random token pinned to a frozen snapshot. New links expire after 90 days. Revoke any link and it stops resolving immediately.

Random token · 90-day TTL · Revocable · Snapshot pinned

Audit log with PII minimized

Every org mutation writes a row capturing who, what, when, and from where. IPs truncated to /24 (IPv4) or /48 (IPv6) so household identity is not retained.

actor · action · target · ip /24 · timestamp
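An added example (not GeoPilot's own code) of the IP minimization step described above, applied as the audit row is built: an IPv4 address is cut to its /24 and an IPv6 address to its /48 before storage. The row still supports "was this the same network as the last login" investigations without retaining a household-level identifier. IPv4-mapped IPv6 literals (::ffff:a.b.c.d, which some proxies use for IPv4 clients) are treated as the IPv4 they wrap, and malformed input is rejected rather than stored; both behaviours are choices made for this example.

```javascript
// Added example, not GeoPilot's code: truncate client IPs to /24 (IPv4) or /48 (IPv6)
// before they are written to an audit row.

const IPV4_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function truncateIpv4(ip) {
  const m = IPV4_RE.exec(ip);
  if (!m) throw new Error(`invalid IPv4 address: ${ip}`);
  const octets = m.slice(1, 5).map(Number);
  if (octets.some((o) => o > 255)) throw new Error(`invalid IPv4 address: ${ip}`);
  // Keep the first three octets, zero the host octet.
  return `${octets[0]}.${octets[1]}.${octets[2]}.0/24`;
}

// Expand an IPv6 literal into its eight 16-bit groups, resolving a single "::".
function expandIpv6(ip) {
  const halves = ip.split('::');
  if (halves.length > 2) throw new Error(`invalid IPv6 address: ${ip}`);
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  const compressed = halves.length === 2;
  if (compressed ? missing < 1 : missing !== 0) throw new Error(`invalid IPv6 address: ${ip}`);
  const groups = [...head, ...(compressed ? Array(missing).fill('0') : []), ...tail];
  return groups.map((g) => {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) throw new Error(`invalid IPv6 address: ${ip}`);
    return parseInt(g, 16).toString(16); // canonical form: lower-case, no leading zeros
  });
}

function truncateIpv6(ip) {
  const groups = expandIpv6(ip);
  // The first 48 bits are three groups; everything after is the subnet/host part.
  return `${groups.slice(0, 3).join(':')}::/48`;
}

// Dispatch on address family; IPv4-mapped IPv6 is handled as the IPv4 it wraps.
function truncateIp(ip) {
  const s = ip.trim();
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i.exec(s);
  if (mapped) return truncateIpv4(mapped[1]);
  if (s.includes(':')) return truncateIpv6(s);
  return truncateIpv4(s);
}

// Build the audit row: who, what, on which target, from where (truncated), and when.
// `now` is injectable so the timestamp can be fixed in tests.
function auditRow({ actor, action, target, ip }, now = () => new Date()) {
  return {
    actor,
    action,
    target,
    ip: truncateIp(ip),
    timestamp: now().toISOString(),
  };
}
```

The truncation happens in the same function that builds the row, so there is no code path that writes a full address and relies on a later scrub job.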

Built on

Audited infrastructure.

We name our subprocessors so you can verify the underlying compliance posture.

Vercel

App hosting and edge compute

SOC 2 Type II · ISO 27001

Supabase

Postgres, auth, object storage

SOC 2 Type II · HIPAA

Google Cloud

Large file and snapshot storage

SOC 2 · ISO 27001/27017/27018

Sentry

Error monitoring

SOC 2 Type II

PostHog

Product analytics (optional, EU-hosted)

SOC 2 Type II

Razorpay

Payments (India market)

PCI DSS Level 1

Secure development

Caught before it ships.

Static analysis, dependency monitoring, and required review on every change to production.

SAST on every PR

GitHub CodeQL with the security-extended query pack runs on every pull request and weekly against the existing codebase. Findings block merge until triaged.

Dependency monitoring

Dependabot watches npm and GitHub Actions weekly. Security advisories raise an immediate PR; routine bumps are grouped to keep noise low.

Reviewed before merge

All production code lands through a pull request with a passing CI check and a reviewer sign-off on the main branch. No direct pushes to production.

What you control

You own your data and the outputs we generate. You can leave with everything you brought, plus the work you did here.

  • Export any time as Shapefile, GeoJSON, KML, GPKG, CSV, or Parquet.
  • Revoke any share or embed link with one click. Token invalidated server-side.
  • Delete your account from settings. Project data and personal info removed.
  • Projects are private to you and your organization by default.

What we don't claim

We would rather be honest about gaps than oversell. If any of these block your procurement, talk to us about Enterprise.

  • Not currently SOC 2 or ISO 27001 certified ourselves. We run on infrastructure that is.
  • Data residency defaults to US. EU residency and on-prem available on Enterprise.
  • Independent security review available on request for Enterprise customers.

Responsible disclosure

Found something that looks wrong?

We respond within one business day and credit researchers who give us a reasonable window to fix before publishing. Our disclosure policy is also published as a security.txt file per RFC 9116.

security@smartbhujal.com