What LabelSets does to protect customer data, how we handle cryptographic material, how we respond to vulnerability reports, and which independent attestations back what we claim. Last updated 2026-04-22.
Controls mapped to OWASP's current Top-10 categories. "Live" means the control is in production; "Planned" means scheduled on the roadmap with an expected date.
| Category | Control | Status |
|---|---|---|
| A01 · Broken Access Control | Supabase Row-Level Security on every table; auth.role() checks on every policy; service_role only used in validation worker. No IDOR: all routes bind resource ownership to auth.uid(). | Live |
| A02 · Cryptographic Failures | TLS 1.3 everywhere (Railway + Supabase enforce HTTPS). AES-256 for Supabase storage at rest. Ed25519 signatures on LQS certs. No custom crypto. | Live |
| A03 · Injection | Supabase client with parameterized queries exclusively. No raw SQL concatenation. HTML escaped through server-side template functions. | Live |
| A04 · Insecure Design | Append-only audit tables (oracle_evaluations, lqs_certs, lqs_cert_revocations). Idempotent validation pipeline. Signed cert model makes tamper trails visible. | Live |
| A05 · Security Misconfiguration | CSP, HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin, Permissions-Policy lockdown (see vercel.json). | Live |
| A06 · Vulnerable & Outdated Components | npm audit on every CI run. Dependabot on key dependencies. Python pip-audit gates model-eval deploys. | Live |
| A07 · Identification & Authentication Failures | Supabase Auth (GoTrue) with password strength + HIBP cross-check. Rate-limited login. OAuth via Google. Enterprise SAML SSO available. | Live |
| A08 · Software & Data Integrity Failures | Ed25519 signatures on LQS certs with canonical JSON serialization. All cert payloads verifiable offline. Revocation registry catches post-facto-compromised certs. | Live |
| A09 · Security Logging & Monitoring | Supabase structured logs + Railway deployment logs. Failed authn + anomalous API call attempts captured. Full SIEM alerting planned Q3 2026. | Partial · full SIEM Q3 '26 |
| A10 · Server-Side Request Forgery | No user-controlled URL fetching in prod routes. VirusTotal hash lookup is the only outbound call from seller-upload path — URL fixed, API key scoped. | Live |
LabelSets signs every LQS cert with a single Ed25519 keypair. The public key is published at /api/lqs-public-key so any procurement auditor can verify offline. Rotation policy and key custody summarized below.
Current key: aa4c070af907e2ea · generated 2026-04-22. The private key is stored exclusively as the LQS_SIGNING_PRIVATE_KEY env var on the validation service; access is limited to the Railway service owner. The key is not written to disk, not in git, not in logs.

Revocations are recorded in lqs_cert_revocations, a public, append-only table surfaced through the verification endpoint. Revocations are irreversible; there is no "un-revoke."

The signer (validation/workers/lqs-cert.js) and both verifiers (api/lqs-cert-verify.js, sdk/labelsets/lqs.py) implement byte-for-byte identical canonicalization. Divergence would break verification — this invariant is maintained by code review.

| Surface | Cipher | Provider |
|---|---|---|
| HTTPS (all endpoints) | TLS 1.3 · AES-256-GCM · ECDHE | Railway + Vercel (Let's Encrypt, auto-renewed) |
| Supabase database | AES-256 encryption at rest + TLS in transit | AWS RDS-managed (us-west-2) |
| Supabase storage (uploaded datasets) | AES-256 encryption at rest · TLS 1.3 in transit | AWS S3-managed |
| Redis (BullMQ queues) | TLS in transit · Railway private network (no public exposure) | Railway-managed |
| Cert signing key | Ed25519 private key only in Railway env var (encrypted at rest by Railway) | Railway Variables store |
We operate a responsible-disclosure program with a 90-day coordinated disclosure window. Please do not run automated scans against our production infrastructure without first contacting us — it creates noise that can look like an attack.
Email the findings to security@labelsets.ai with a reproduction + impact description. We commit to an initial human response within 48 hours and a remediation plan within 14 days for in-scope issues. No bug bounty yet; we're working on it.
In scope: production endpoints on labelsets.ai, initialdeploy-production.up.railway.app, the validation + model-eval Railway services, the Supabase API. Out of scope: DoS, findings requiring physical access, social engineering of LabelSets employees.
Third-party attestations that back specific claims on this page. We distinguish between "Live" (currently held), "In progress" (with expected delivery), and "Planned". We do not claim certifications we do not hold.
| Attestation | Scope | Status |
|---|---|---|
| SOC 2 Type II | Production marketplace + validation services | In progress · Q3 2026 |
| HIPAA BAA | Available for enterprise customers upon request | Live (contract-executed BAAs in place) |
| GDPR / DPA | Custom DPA for enterprise customers; standard privacy policy for self-serve | Live |
| ISO 27001 | Information Security Management System | Planned 2027 |
| Penetration test | Annual third-party pen test of the marketplace + LQS pipeline | Planned Q4 2026 |
| NIST AI RMF alignment | LQS v3.1 methodology submitted as reference implementation | Submission in prep |
When a status moves from "Planned" or "In progress" to "Live", the corresponding report or attestation letter is available on request under NDA via security@labelsets.ai.
Every response from labelsets.ai carries the following headers. You can verify this yourself from the command line.
```
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' ...
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=(), usb=()
```
```sh
curl -I https://labelsets.ai/ | grep -iE "strict|content-security|x-frame|x-content|referrer|permissions"
```