Enterprise Trust

Security Architecture

How Catalytic Signal protects your revenue intelligence data.

Encryption by Default

All data is encrypted at rest using AES-256 and in transit via TLS 1.3 to ensure total payload security.

Zero-Retention AI

Our AI models evaluate scraped text strictly via API. Your data is never used to train foundational LLMs.

Decentralized Extraction

Vanguard Leads operates locally on the client side. We do not store your native session cookies on our servers.

Compliance Ready

Built from day one to support GDPR, CCPA, and strict enterprise vendor compliance requirements.

1. Infrastructure & Hosting

Catalytic Signal is hosted on world-class, SOC 2 compliant cloud infrastructure. Our core application is deployed on Vercel, ensuring edge-network speed and DDoS protection. Our databases and authentication systems are powered by Supabase, running on dedicated AWS (Amazon Web Services) infrastructure.

2. Data Protection & Encryption

  • Data in Transit: All communications between your browser, our Vanguard extension, and our servers are encrypted using TLS 1.2 or higher (TLS 1.3 preferred).
  • Data at Rest: Customer databases are encrypted at rest using industry-standard AES-256 encryption.
  • Cryptographic Hashing: The Global Data Moat deduplication engine does not store raw profiles indefinitely. It utilizes one-way cryptographic hashes (MD5/SHA-256) to identify duplicate leads without exposing underlying personally identifiable information (PII).

3. Application Security

We employ strict DevSecOps practices to ensure the code running in your browser is secure:

  • Manifest V3 Compliance: The Vanguard Leads Chrome Extension is built on Google's strict Manifest V3 architecture, severely limiting cross-site scripting (XSS) attack vectors and preventing remote code execution.
  • Content Security Policies (CSP): Strict CSP headers are enforced to prevent unauthorized data exfiltration.
  • Authentication: We do not store plaintext passwords. All authentication is handled via Supabase using bcrypt hashing and secure, HttpOnly session tokens.

4. AI Provider Agreements

Catalytic Signal utilizes enterprise-tier APIs from our AI partners (e.g., OpenAI, Anthropic) to process the "Signal Score." We operate under strict zero-data-retention agreements. The text extracted by the Vanguard Engine is analyzed in real time and immediately discarded by the LLM providers. Your extracted data is never used to train their models.

5. Vulnerability Disclosure

We believe in the power of the security research community. If you believe you have found a security vulnerability in Catalytic Signal, our API, or the Vanguard extension, please report it to us immediately. We ask that you do not publicly disclose the issue until we have had a reasonable timeframe to deploy a patch.
