Security and reliability

Syleri uses Supabase Auth for authentication, server-side session handling for protected routes, and Google Cloud Run for deployment. Sensitive service keys should stay on the server and should never be committed to GitHub.

If you find a security issue, report it privately with steps to reproduce. Please do not publicly disclose vulnerabilities before the team has reviewed them.