Security
How we protect your data and our infrastructure
Infrastructure
EmergencyAPI is hosted on enterprise-grade, SOC 2 Type II certified infrastructure:
| Provider | Service | Certification |
|---|---|---|
| Vercel | API hosting, CDN, edge network | SOC 2 Type II |
| Supabase | PostgreSQL database, authentication, RLS | SOC 2 Type II |
| GitHub | Source control, CI/CD pipelines | SOC 2 Type II |
All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
API Security
- API key authentication required on all data endpoints
- Dual-layer rate limiting: in-memory fast path plus durable Supabase-backed store
- Strict input validation on all query parameters
- CORS configured for legitimate origins
- No PII stored. API keys are the only user credential
Data Security
- Row Level Security (RLS) enforced on all database tables
- Supabase Security Advisor: 0 errors, 0 warnings
- No user data shared with third parties
- Incident data sourced exclusively from official government emergency service feeds
- All data sources operate under open government licences
Compliance
| Standard | Status | Details |
|---|---|---|
| CAP-AU (Common Alerting Protocol) | Aligned | Externally validated, 0 errors on AU Profile |
| AIDR Warnings Republisher | 11/12 obligations met | Retraction schema, source attribution, CAP Cancel detection |
| Supply Nation | Registered | 100% Indigenous-owned (Kokatha) |
| SOC 2 Type II | Via infrastructure providers | Hosted on Vercel + Supabase (both SOC 2 certified) |
For our full compliance posture including per-agency licensing status, see the Compliance page.
Responsible Disclosure
If you discover a security vulnerability, please report it to support@seysolutions.com.au. We will acknowledge receipt within 48 hours and work to resolve confirmed issues promptly.
Contact
Security inquiries: support@seysolutions.com.au
General inquiries: hello@seysolutions.com.au