Security & Trust
How EmpireOS protects your data
EmpireOS uses account-based access and database-level security policies to keep user records separated. This page is maintained by the EmpireOS team and reflects the current beta posture — it is not an independent certification.
Account-based access
Every record is scoped to the signed-in account. Account A cannot read or write Account B records.
Row-level security (RLS)
Cloud tables enforce database-level policies, not just app-side checks. Reads and writes are filtered server-side.
Credential handling
Service-role keys live only on the server. The browser only ever sees the publishable key and your own session token.
Demo vs. cloud separation
Demo mode stays local in your browser. It never writes to cloud user tables.
Beta limitations
EmpireOS is in beta. We do not currently claim enterprise certifications (SOC 2, ISO 27001, HIPAA, etc.). Treat the product as a founder-facing operating system, not a regulated system of record. For sensitive regulated data (PHI, payment card data), wait for our enterprise tier.
On the security roadmap
- • Advanced team permissions and role-based access
- • Audit logs across critical actions
- • SSO (SAML / OIDC) for teams
- • Dedicated / private instances for enterprise
- • Formal security certifications and pen-test reports
Report a security concern
If you believe you've found a vulnerability or want to discuss our security posture, email support@greatmindsunlimited.net with details. Please give us a reasonable window to respond before any public disclosure.