Data Storage Policy
Effective Date: 2025/01/01
Last Updated: 2025/01/01
At Tsumos, we store user data securely using industry-leading technologies. This Data Storage Policy outlines how user data is stored, encrypted, and protected in our systems.
1. Data Storage Locations
We store data across several services:
Auth0: We store user authentication details such as login credentials, tokens, and account metadata in Auth0, which follows strict security and compliance practices.
Supabase: We store user profile data, application-specific data, and logs in Supabase databases. Supabase provides managed database services with strong data security protocols.
Vercel: Vercel hosts the backend of our application (Express.js) and frontend (Next.js). Vercel does not store user data directly; instead, it stores logs and deploys serverless functions and static files.
2. Data Encryption
All data stored in our systems is encrypted using industry-standard encryption techniques:
In Transit: All data is encrypted in transit using TLS (Transport Layer Security), ensuring that data is secure as it moves between users and our services.
At Rest: Sensitive data such as user passwords and authentication tokens is encrypted at rest using AES-256 encryption, both in Supabase and Auth0.
3. Access Control and Data Minimization
We implement strict access controls to ensure that only authorized personnel can access sensitive data. Access to user data is role-based and controlled by least-privilege principles.
Role-based Access: Only users who need access to the data for operational purposes will be granted access to it.
Data Minimization: We only collect and store the minimum amount of data necessary to provide our services. Personal data that is not needed for our operations will not be collected or retained.
4. Backup and Recovery
We regularly back up user data to ensure business continuity. Backup copies are stored securely and are encrypted both at rest and in transit.
Backup Retention: Backup data will be retained for 12 months, in compliance with the data retention policy.
Data Recovery: In the event of a data loss, backups will be used to restore lost information within a reasonable timeframe.
5. Third-party Providers
We use the following third-party services to manage user data, and we ensure that each provider complies with relevant privacy and security regulations:
Auth0: A third-party authentication provider that securely stores user authentication data.
Supabase: A third-party service for managing databases and storage.
Vercel: A third-party platform for deploying our backend and frontend.
We ensure that these third-party providers have adequate security measures in place to protect your data.
Contact Us
If you have any questions or concerns about this policy or your personal data, please contact us at:
Email: suraj_bhandari@tsumos.com
Address: Tsukuba, Japan