AIVORAX privacy

We collect the minimum data required to authenticate users, operate integrations, and process waitlist requests.

Authentication state is managed by Clerk. Operational records and integration audit events are stored server-side in Supabase with row-level security enabled.

Access tokens for third-party services are kept in encrypted, httpOnly cookies and must never be copied into localStorage or client-side state containers.