Back to Home

Aphelion Pvt. Ltd.

Security & Access Control

Effective Date: May 24, 2026

1. Security Philosophy

At Aphelion Pvt. Ltd., we apply industry-standard technical, organizational, and physical security measures to safeguard user records, profiles, and media assets. This summary provides transparency on how your data is protected inside our database, transit routes, and cloud environments.

2. Data Encryption Standards

We protect your information during transmission and storage:

  • Encryption in Transit (TLS): All communication between the Maleu mobile/web client and our API endpoints is encrypted using Transport Layer Security (TLS/HTTPS).
  • Encryption at Rest: Database tables inside our Supabase infrastructure are encrypted at rest. Photos and videos uploaded via the app are encrypted inside Cloudflare R2's secure storage buckets.
  • Message Security Notice: Message payloads are encrypted in transit and protected by database isolation rules, but they are not end-to-end encrypted. We recommend using E2E-encrypted messaging platforms if complete server-blind confidentiality is required. In-app biometric chat locking is a device-level access control.

3. Access Isolation & Row-Level Security

Our database design employs strict isolation controls:

  • Supabase Row-Level Security (RLS): Enabled on all database tables. This means that users can only read or write their own data, and cannot access records belonging to other accounts, preventing unauthorized horizontal escalation.
  • Role-Based Access Control (RBAC): Access to backend database control panels is strictly restricted to designated engineering leads inside Aphelion. We do not provide database direct access to third-party developers or marketing leads.

4. Content Auditing and API Safeguards

All submitted text blocks pass through client-side automated auditing before hitting our API. This mitigates standard input vulnerabilities, injection vectors, and prevents blatant policy-violating slurs or toxic text content from being stored.

5. Incident Response & Breach Notifications

In the unlikely event of a security breach compromising user database records, we will immediately initiate investigation, mitigate the vulnerability, and report the breach to the affected Data Principals and the Data Protection Board of India in full compliance with the DPDPA 2023.

To report any potential security vulnerability, bug, or threat, email us immediately at: fuy.aphelion@gmail.com.

Privacy PolicyTerms of Service

© 2026 Aphelion Pvt. Ltd. All rights reserved.