Our stance
LoadConsensus is built on managed infrastructure that handles the foundational security primitives so we don’t have to roll our own. Specifically:
- All traffic is served over TLS 1.2+. The marketing site, application, and API redirect HTTP to HTTPS at the edge.
- Authentication is handled by Supabase Auth. We default to magic-link sign-in and do not store, hash, or have any view of user passwords on our side. Sessions are kept in HttpOnly cookies.
- The application database has Postgres row-level security enabled on every table. Public-read tables are scoped to anonymous SELECT only; write paths go through service-role server code, never the browser.
- API keys are stored as SHA-256 hashes. The raw key is shown once at creation and never again. Per-key daily quotas are enforced at the edge.
- Secrets (database URLs, Stripe keys, SendGrid keys, Anthropic keys) live in Vercel and DigitalOcean environment configuration and are never committed to source control. Production secrets are not shared with development environments.
- Customer payment data never touches our infrastructure. Card numbers and CVCs are collected directly by Stripe Elements and exchanged for tokens client-side. We store the Stripe customer and subscription IDs only.
- Backups are managed by Supabase with point-in-time recovery on the production project.
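As an added illustration of the API-key and quota practices listed above (example code written for this page, not LoadConsensus's own implementation; the `lc_` prefix, the in-memory `KEY_TABLE`/`USAGE` stores and the function names are assumptions), the following shows a key being minted, stored only as its SHA-256 digest, looked up by digest on each request, metered against a per-day quota, and revoked without ever needing the plaintext again:

```python
import hashlib
import secrets
from datetime import date
from typing import Optional

# Constructed in-memory stores standing in for the key table and the edge's
# per-key counters (assumed names; not LoadConsensus's own code).
KEY_TABLE: dict = {}   # SHA-256 hex digest -> key metadata; raw keys are never stored
USAGE: dict = {}       # (digest, "YYYY-MM-DD") -> requests served that day

def _digest(raw_key: str) -> str:
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()

def create_api_key(owner: str, daily_quota: int, prefix: str = "lc_") -> str:
    """Mint a high-entropy key, persist only its digest, return the raw key once."""
    raw_key = prefix + secrets.token_urlsafe(32)  # 256 bits of entropy
    KEY_TABLE[_digest(raw_key)] = {"owner": owner, "daily_quota": daily_quota, "revoked": False}
    return raw_key  # shown to the user at creation, then discarded server-side

def lookup_key(raw_key: str) -> Optional[dict]:
    """Hash the presented key and index the table by digest; no plaintext is compared."""
    digest = _digest(raw_key)
    meta = KEY_TABLE.get(digest)
    if meta is None or meta["revoked"]:
        return None
    return {**meta, "digest": digest}

def authorize_request(raw_key: str, day: Optional[str] = None) -> tuple:
    """Edge-style check: known, unrevoked key that is still under today's quota."""
    meta = lookup_key(raw_key)
    if meta is None:
        return False, "unknown or revoked key"
    day = day or date.today().isoformat()
    bucket = (meta["digest"], day)
    used = USAGE.get(bucket, 0)
    if used >= meta["daily_quota"]:
        return False, "daily quota exceeded"
    USAGE[bucket] = used + 1
    return True, f"ok ({used + 1}/{meta['daily_quota']} today)"

def revoke_key(digest: str) -> bool:
    """Revocation keys off the stored digest, so a leaked key can be killed without its plaintext."""
    meta = KEY_TABLE.get(digest)
    if meta is None:
        return False
    meta["revoked"] = True
    return True
```

Because the stored digest is of a 256-bit random value, a database leak exposes nothing that can be replayed against the API, which is the property the bullet above relies on.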
Vulnerability disclosure
If you find a security issue — anything from an exposed key in a JS bundle, to an auth bypass, to a logic flaw in the rate limiter — please report it. We’d much rather hear from you first.
- Email security@loadconsensus.com with a description, reproduction steps, and the impact you believe it has.
- We will acknowledge receipt within 72 hours. We aim to ship a fix or mitigation within 14 days for high-severity issues and faster for anything actively exploitable.
- We do not currently run a paid bug bounty. We do credit researchers in our public changelog (unless you prefer to remain anonymous), and we will not pursue legal action against good-faith research that respects the scope below.
- Out of scope: denial-of-service tests, social-engineering attacks against our vendors or operators, automated scanner output without a working reproduction, and findings on third-party services we depend on (please report those directly to the vendor).
A machine-readable /.well-known/security.txt file mirrors this contact information.
Sub-processors
We rely on the following vendors to operate the service. Each has access only to the data needed for its role.
| Vendor | Role |
|---|---|
| Supabase | Postgres database and authentication (US-East-1) |
| Vercel | Web hosting, CDN, edge functions |
| DigitalOcean | Cron workers and background jobs |
| Stripe | Subscription billing and payment processing |
| SendGrid | Transactional and alert email delivery |
| Anthropic | LLM extraction for state PUC IRP digests (public-domain content only) |
| MaxMind | IP-to-ASN lookup database (offline, loaded into our workers) |
Compliance
LoadConsensus is a small operation and does not currently hold SOC 2, ISO 27001, or similar third-party certifications. If your procurement process requires one, email security@loadconsensus.com and we’ll discuss what we can offer in writing — typically a vendor security questionnaire and the underlying configuration of our sub-processors.
Contact
Security issues: security@loadconsensus.com. Everything else: hello@loadconsensus.com.