Security
How We Protect Your Archive
Last updated: May 2026
1. Encryption
Your data is encrypted at rest and in transit.
At rest: Supabase encrypts all data at rest using AES-256 encryption. Your voice recordings, photographs, and deposits are stored in private storage buckets, not publicly accessible under any circumstances.
In transit: All data transmitted between your devices and Basalith uses TLS 1.3 encryption. No data travels unencrypted.
Voice clone data: Your ElevenLabs voice clone is stored under your archive’s private identifier. The voice ID is never publicly accessible. Voice portraits are served through time-limited signed URLs that expire after 1 hour.
2. Access Control
Only designated people can access your archive.
- ·Archive owners: Authenticated via bcrypt-hashed passwords with 12 salt rounds, the same standard used by banks.
- ·Contributors: Authenticated via 64-character cryptographically random tokens generated using crypto.getRandomValues, not guessable by brute force.
- ·Database isolation: Row Level Security is enforced on every table at the database level, not just the application level. Even a misconfigured application cannot access data across archive boundaries.
- ·No shared access: Your archive data is never visible to other archive owners, contributors of other archives, or Basalith employees in the normal course of operations.
3. Voice Clone Security
Voice clone data is one of the most sensitive assets in your archive. We treat it accordingly.
Your voice clone is created from recordings you provide. The clone is stored under a private identifier associated only with your archive.
Voice portraits are delivered via time-limited signed URLs. They cannot be forwarded or accessed after expiry.
We do not use your voice clone for any purpose other than generating your voice portraits. It is not accessible to other archives, other users, or third parties.
If you suspect your voice data has been compromised contact us immediately: security@basalith.ai
4. Cloud Infrastructure
Basalith processes data on cloud infrastructure. We are transparent about this.
Where your data lives:
Each platform has its own security certifications (SOC 2, ISO 27001).
Anthropic does not train on API data by default. Your deposits and entity conversations do not improve Anthropic’s general models.
For enterprise clients with specific data residency requirements contact enterprise@basalith.ai
5. Multi-Factor Authentication
Coming Q3 2026.
Multi-factor authentication for archive login is on our roadmap. Until MFA is available:
- ·Use a unique, strong password for your Basalith archive.
- ·Do not share your password with anyone except designated Legacy Guide contacts.
- ·Contact us immediately if you suspect unauthorized access.
Security concerns: security@basalith.ai
General privacy questions: privacy@basalith.xyz