SECURITY

Adealo Security Overview

Last updated: 21 May 2026

This page summarizes the technical and organizational measures Adealo OÜ ("Adealo", "we", "us") uses to protect the Adealo Service and customer data.

1. Infrastructure

Adealo uses managed cloud infrastructure and Firebase services for hosting, authentication, databases, storage, and serverless functions.

Production access is limited to authorized personnel and is managed according to least-privilege principles.

2. Encryption

• Data is encrypted in transit using HTTPS/TLS.
• Managed infrastructure providers apply encryption at rest for supported storage and database services.
• Secrets and service credentials are not intended to be stored in source code.

3. Access controls

• Administrative access is restricted to authorized users.
• Application permissions are designed around role-based access and tenant boundaries.
• Internal access should be reviewed and removed when it is no longer required.

4. Application security

• Authentication is handled through Firebase Authentication.
• Database and storage access are controlled through Firebase security rules and server-side functions.
• Customer data isolation is enforced through application checks and access rules.
• Security-sensitive changes are tested before release where practical.

5. Monitoring and incident response

Adealo monitors service behavior and operational errors to detect reliability and security issues.

If we become aware of a security incident affecting customer data, we will investigate, take appropriate containment steps, and notify affected customers where required by law or contract.

6. AI data handling

• AI features process customer data only to provide requested product functionality.
• Customer data is not used by Adealo to train public or general-purpose AI models.
• Prompts and outputs are handled according to the Privacy Statement, Terms, and DPA.

7. Customer responsibilities

Customers are responsible for managing their users, securing credentials, configuring widgets appropriately, and ensuring their own privacy notices and end-user consents are accurate.

8. Reporting security issues

Please report suspected vulnerabilities or security concerns to legal@adealo.com. Include enough detail for us to reproduce and assess the issue.