Eazy Grades is built to protect private study materials, account access, generated content, and billing workflows. This page summarises the safeguards used across the production app and how to contact us about security concerns.
- Authentication is handled by Supabase Auth with secure session cookies.
- Google sign-in is supported for users who prefer federated authentication.
- Password reset and account emails are sent through authenticated transactional email.
- Administrative pages are restricted to approved owner/admin accounts.
- Uploaded documents and generated study materials are stored in a managed Supabase environment.
- Application access checks are designed so users only access their own projects, documents, exams, and papers.
- Ask Eazy Grades AI is designed to answer from content in the user's own workspace, not as an unrestricted general chatbot.
- Payments are processed by Stripe. Eazy Grades does not store full card details.
- Production hosting runs on Vercel with HTTPS enforced at the edge.
- Security headers restrict framing, content sniffing, referrer leakage, and unnecessary browser permissions.
- Errors and operational issues are monitored through Sentry and platform logs.
- API routes use server-side validation, authenticated sessions, service-role separation, and rate limits where appropriate.
Eazy Grades uses domain authentication records for SPF, DKIM, and DMARC. Inbound mail is handled through Zoho Mail, while transactional product email is sent through Resend.
Report a Security Issue
If you believe you have found a security issue, email support@eazygrades.com. Include enough detail for us to reproduce the issue, but do not access, alter, or disclose data that does not belong to you.
Our machine-readable security contact is available at /.well-known/security.txt.