Security

Security overview

How Telene approaches infrastructure, access control, datasets, logging, backups, and responsible disclosure.

Last updated: July 6, 2026

This page summarizes how Telene approaches security for Telene Grid and related services.

Telene Grid is currently in private beta. Security practices will continue to mature as the product develops. Please do not upload highly sensitive, regulated, or mission-critical data unless you are comfortable using beta-stage software.

1. Security overview

Telene is designed to protect user data through a combination of application-level access controls, hosted infrastructure, database permissions, secure configuration practices, and careful product design.

Our goal is to collect and process only what is needed to provide the service, avoid unnecessary access to user data, and keep user datasets private by default.

2. Infrastructure

Telene’s planned beta infrastructure uses:

  • Cloudflare Pages for frontend hosting and delivery
  • Railway for backend/API hosting
  • Supabase for PostgreSQL database, authentication, and storage
  • Paddle or another payment provider for billing, if paid plans are introduced

These providers are used to host, deliver, store, secure, and operate the service.

3. Encryption in transit

Telene is intended to use HTTPS for browser-to-service communication.

Users should access Telene through official HTTPS URLs such as:

4. Authentication and access control

Telene Grid uses account-based access to protect private projects, datasets, workspaces, reports, and related resources.

Application-level authorization checks are used so that users can access only the resources associated with their own account, organization, or authorized share settings.

Private data should not be publicly accessible unless a user intentionally creates a public or protected share link.

5. Database security

Telene’s planned database layer uses Supabase/PostgreSQL.

Security controls may include:

  • organization and user ownership checks
  • Row Level Security policies where appropriate
  • server-side authorization middleware
  • restricted use of privileged service keys
  • separation of public frontend keys and private backend secrets
  • database schema design that avoids exposing private data unnecessarily

Service-role or privileged database keys must not be exposed in frontend code.

6. Secrets and environment variables

Secrets such as database URLs, service-role keys, JWT secrets, payment webhook secrets, and API keys are managed through environment variables in backend hosting environments.

Secrets should not be committed to Git or placed inside public frontend folders.

The public frontend should only contain values that are safe to expose to browsers.

7. Uploaded datasets

Uploaded datasets are private to the user or organization unless explicitly shared by the user through available sharing features.

Telene does not manually review uploaded datasets as part of normal operations.

Access to uploaded datasets, if ever needed, is limited to cases such as:

  • user-requested support
  • service maintenance or debugging
  • abuse or security investigation
  • legal compliance
  • data restoration or protection

Where practical, Telene will rely on metadata, logs, and user-provided details rather than raw dataset contents.

8. Logging and monitoring

Telene may collect logs and technical metadata to operate and secure the service, such as:

  • request metadata
  • error messages
  • performance metrics
  • upload size
  • row and column counts
  • usage counts
  • API request counts
  • authentication or authorization errors

Telene should avoid logging raw dataset contents unless required for a specific operational or security reason.

9. Backups

Telene may use database backups and provider-level recovery features to help protect against accidental loss, operational failure, or service incidents.

Backups are intended for service recovery and continuity. Data deletion requests may take time to fully propagate through backups according to technical and operational limits.

10. Application security practices

Telene aims to follow practical security practices such as:

  • validating user input on the server
  • checking ownership before returning private resources
  • limiting file upload size and accepted formats
  • avoiding unsafe rendering of user-provided data
  • using text-safe rendering where possible instead of injecting user data as HTML
  • keeping private secrets out of frontend code
  • limiting administrative access
  • applying usage limits to protect the service from overload
  • reviewing security-sensitive code paths before production deployment

11. Beta limitations

Telene Grid is in private beta. This means:

  • features may change
  • limits may change
  • security controls may evolve
  • downtime may occur
  • some enterprise security features may not yet be available

During beta, users should avoid uploading highly sensitive, regulated, or mission-critical data unless they understand and accept the risks.

12. Responsible disclosure

If you believe you have found a security issue, please contact:

security@telene.app

Please include:

  • a clear description of the issue
  • steps to reproduce it
  • affected URLs or accounts, if relevant
  • potential impact
  • your contact information

Please do not access, modify, delete, or disclose data that does not belong to you. Please do not perform destructive testing, denial-of-service attacks, or actions that could disrupt the service.

13. Contact

For security reports:

security@telene.app

For privacy or deletion requests:

privacy@telene.app

For general contact:

hello@telene.app