Security
How Resizes AI protects customer data.
Resizes AI runs on AWS in eu-west-1 only. Secrets are injected via External Secrets Operator on Kubernetes; never commit keys or .env files to git.
- Google SSO for customer-facing sign-in (Authentik OIDC)
- Org-scoped authorization on every API route
- Stripe handles card data; the app stores Stripe IDs, not PANs
- Structured logging without passwords, tokens, or PII
