How we secure your data
Blue Vellum runs on boring, well-understood infrastructure on purpose — a small stack of best-in-class managed services, each with its own publicly verifiable compliance certifications.
The subprocessor stack
Authentication
Sign-in and sessions run through Clerk, hosted on AWS. Passwords are never stored on Blue Vellum's servers; sessions are short-lived JWTs. Two-factor authentication is available on every account.
Hosting
The web application is deployed through Vercel, served from Cloudflare's edge network. All connections use TLS 1.2 or higher. Data residency is US-only.
Database
Customer drawings, BOMs, and account data live in Supabase (managed PostgreSQL) running on AWS in the US. This data is encrypted at rest by default.
Found a vulnerability? Tell us.
Email security@bluevellum.com with a description and reproduction steps. We acknowledge security reports within one business day. If we confirm a breach affecting customer data, we'll notify affected customers within 72 hours.