Security & Compliance

Last Updated: April 10, 2026

51 Terminal is built for institutional users — analysts, investors, consultants, and enterprise teams who expect their data and the platform’s proprietary intelligence to be handled with discipline. This page summarizes how we protect the platform, your account, and the data we hold.

For the binding legal terms governing data handling, see our Privacy Policy. For platform usage terms, see our Terms of Service.

Security Practices

Encryption in Transit and at Rest

All traffic to and from 51 Terminal is protected with TLS 1.2+. Data stored in our managed database and object storage is encrypted at rest using AES-256 by our infrastructure providers.

Authentication

We use passwordless authentication via one-time email codes (OTP) through Supabase. There are no long-lived passwords to leak. Sessions are bound to short-lived tokens and refresh under strict expiry rules.

Infrastructure

51 Terminal runs on Vercel for application hosting and Supabase for authentication and database. Both providers maintain SOC 2 Type II compliance and operate hardened, audited environments.

Access Logging and Monitoring

We log platform access events — page views, data record accesses, exports, and search queries — to detect unauthorized use, scraping, and systematic extraction of proprietary content. Logs are reviewed for anomalous patterns.

Role-Based Access Controls

Internal access to user data is restricted to employees who require it to operate the platform. All administrative actions are auditable.

Vendor and Subprocessor Review

Every third-party service that processes user data is reviewed for security posture, data handling, and compliance certifications before being integrated. The current subprocessor list is published in our Privacy Policy.

Data Residency and Transfers

User data is processed in the United States. For users in the EEA, UK, and Switzerland, international transfers are protected by Standard Contractual Clauses where applicable.

Incident Response

We maintain an internal incident response process. If a security incident affects your data, we will notify affected users and applicable regulators within the timelines required by law.

Protecting Proprietary Content

51 Terminal’s data, scoring methodologies, taxonomies, and analyses are proprietary to Fiftyone Group LLC and constitute trade secrets. To protect this content, we apply technical measures alongside our legal terms:

Rate limiting on data access endpoints to prevent automated extraction.
User-bound access logs that allow us to trace unauthorized redistribution back to its source.
Anti-crawler controls (robots.txt, noindex headers) on all authenticated pages.
Visible proprietary notices on data displays so that exports and screenshots carry clear ownership marks.

Compliance Posture

GDPR / UK GDPR: We support data subject rights (access, rectification, erasure, portability, objection). Contact privacy@fiftyone.xyz to exercise them.
CCPA / CPRA: California residents may request to know, delete, or correct their personal information, and may opt out of sale or sharing. We do not sell personal information.
Subprocessor Transparency: Our current subprocessor list is published in the Privacy Policy and updated when it changes.

Reporting a Vulnerability

If you believe you have found a security vulnerability in 51 Terminal, please report it responsibly to security@fiftyone.xyz. We ask that you give us a reasonable opportunity to investigate and remediate before any public disclosure. We will acknowledge receipt within 3 business days.

Contact

General privacy and data protection inquiries: privacy@fiftyone.xyz
Security disclosures: security@fiftyone.xyz