Security best practices
Rytora BuildLabs generates secure code by default, but security is a shared responsibility. Follow these guidelines to keep your apps safe.
Platform security
Rytora BuildLabs protects your data and code at the platform level.
- All data encrypted in transit (TLS 1.3) and at rest
- Isolated preview environments per project
- Environment variables encrypted and never exposed in logs
- Authentication via NextAuth.js with secure session handling
- Role-based access control for team features
- Regular security audits and dependency updates
Best practices for your apps
Never hardcode secrets
API keys, database URLs, and tokens must always be stored as environment variables. Rytora BuildLabs manages these securely and injects them at build and runtime. Never include secrets in your prompts or code editor.
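A pre-deploy check for the three secret classes named above, run over exported source. This is an added example, not Rytora BuildLabs code: the rule names, the function findHardcodedSecrets and the sample files are assumptions, and every secret-looking value is a constructed placeholder.

```javascript
// Added example: flag hardcoded API keys, database URLs and tokens in source text.
// The patterns are heuristics; review each hit before treating it as a leak.
const RULES = [
  // Database URL with inline credentials, e.g. scheme://user:password@host
  { id: "db-url-with-credentials",
    re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^\s:@/'"]+:[^\s@/'"]+@/i },
  // JWT-shaped token: three base64url segments, the first starting with "eyJ"
  { id: "jwt-shaped-token",
    re: /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}/ },
  // A key/secret/token/password name assigned a long string literal
  { id: "secret-assigned-literal",
    re: /\b\w*(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*["'`][^"'`\s]{16,}["'`]/i },
];

// files: object mapping a file path to its text. Returns one finding per rule hit.
function findHardcodedSecrets(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const rule of RULES) {
        if (rule.re.test(line)) findings.push({ path, line: i + 1, rule: rule.id });
      }
    });
  }
  return findings;
}

// Constructed sample input: reads from process.env are fine, literals are not.
const SAMPLE_FILES = {
  "lib/db.js": [
    'const url = process.env.DATABASE_URL;',
    'const fallback = "postgres://app_user:EXAMPLE-PASSWORD@db.example.invalid:5432/app";',
  ].join("\n"),
  "lib/client.js": [
    'const apiKey = "EXAMPLE_ONLY_0123456789abcdef";',
    'const token = process.env.SERVICE_TOKEN;',
    'headers.Authorization = "Bearer eyJleGFtcGxl.cGxhY2Vob2xkZXI.c2lnbmF0dXJl";',
  ].join("\n"),
};

for (const f of findHardcodedSecrets(SAMPLE_FILES)) {
  console.log(`${f.path}:${f.line} ${f.rule}`);
}
```

A non-empty result should block the deploy until the value is moved to an environment variable and the exposed credential is rotated.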
Use authentication on protected routes
When your app has user accounts, always state in your prompt which routes require authentication. Rytora BuildLabs generates Supabase Auth with Row Level Security (RLS) policies and protected routes on the frontend.
Validate all user input
The AI generates input validation using Supabase RLS policies and form validation on the frontend. Always confirm that every data access path validates and sanitizes incoming data.
Use HTTPS everywhere
All Rytora BuildLabs previews and deployments use HTTPS by default. Vercel and Supabase provide automatic SSL certificates. Never disable SSL or use HTTP-only endpoints in production.
Implement rate limiting
Generated apps include rate limiting via Supabase to prevent abuse. Review the rate limit configuration and adjust thresholds based on your expected traffic patterns.
Keep dependencies updated
After exporting your code, regularly update npm dependencies to patch security vulnerabilities. Use tools like npm audit or Snyk to monitor for known issues.
Scope database permissions
Supabase projects provisioned by Rytora BuildLabs use scoped credentials per project. Each app has its own isolated database with its own connection string — no shared access between projects.
Review generated code before deploying
Always review the generated code in the code editor before deploying to production. Check for exposed endpoints, missing auth guards, and unintended data access patterns.
Report a vulnerability
If you discover a security vulnerability in Rytora BuildLabs or a generated app, please report it to security@rytora.ai. We take all reports seriously and will respond within 24 hours.