Security Architecture

AES-256 at rest across all stored data. TLS 1.3 enforced in transit with no fallback to older protocols. Supabase row-level security (RLS) ensures users can only access their own data — even at the database query level.

Multi-factor authentication required on all accounts. Session timeouts enforced. IP logging on every authenticated request. Failed login attempt monitoring with automatic lockout.

All products proxied through Cloudflare WAF. Geographic access controls block high-risk origin countries at three layers: Supabase Edge Function, Cloudflare WAF rule, and frontend runtime check. Content Security Policy headers enforced on all pages.

Tariff data sourced directly from USITC public API (hts.usitc.gov) — no third-party data brokers. Grant data sourced from Grants.gov public database. Classification research cross-referenced against CBP CROSS binding rulings database (cbp.gov/trade/rulings).

In the event of a suspected security incident, affected users will be notified within 72 hours via the email address on their account. Full incident reports available on request.

Desert Oasis Digital LLC was founded by a former Army Civilian Intelligence Officer with specialized training in OPSEC, Technical Surveillance Mitigation, and High-Threat Tradecraft. Security is not a feature — it is the foundation.

Responsible disclosure: will@desertoasisdigital.com
We take all reports seriously and respond within 48 hours.