Security Overview

CREEDA applies layered technical and organizational safeguards for athlete, wellness, and account data. Security disclosure version: 2026.04.03.

1. Encryption and Storage Controls

• Encryption in transit via TLS.
• Cloud-provider encryption at rest for managed data stores.
• Access control boundaries between application roles.

2. Hosting and Subprocessors

Core service providers include:

• Supabase (backend infrastructure, database, and authentication)

• Primary data hosting region: India
• Secondary region: Singapore
• Planned GDPR-oriented region: European Union (for GDPR users)

3. Identity and Access Management

• Role-based access design for athlete, coach, and admin paths.
• Session-based authentication and least-privilege enforcement.
• Operational access restricted to authorized personnel only.

4. Consent and Audit Trail

Legal acknowledgements, key rights requests, and critical data operations are tracked to support compliance and accountability.

5. Vulnerability and Incident Management

• Security patches and dependency updates are applied on a risk-priority basis.
• Suspected incidents are triaged and investigated with urgency.
• Material incidents are communicated to affected stakeholders per applicable law.

6. Shared Responsibility

Users and organizations must protect account credentials, configure role access responsibly, and report suspected misuse quickly.

7. Security Contact

Report vulnerabilities or urgent security concerns to creedaperformance@gmail.com | +91 9769911923.