Security

How Resizes AI protects customer data.

Resizes AI runs on AWS in eu-west-1 only. Secrets are injected via External Secrets Operator on Kubernetes; never commit keys or .env files to git.

  • Google SSO for customer-facing sign-in (Authentik OIDC)
  • Org-scoped authorization on every API route
  • Stripe handles card data; the app stores Stripe IDs, not PANs
  • Structured logging without passwords, tokens, or PII