This page summarizes how the Hugo platform is operated today. It is descriptive, not a certification or audit report. For contractual terms and privacy disclosures, see our Terms of Service, Privacy Policy, and Data Processing Agreement overview. Security questions: hello@hugo.app.
Architecture overview
Hugo is a multi-tenant SaaS product: a Next.js web application talks to a PostgreSQL database through Supabase (Auth + PostgREST + Row Level Security), plus supporting services for AI, email, and billing. Traffic between your browser and our app uses HTTPS (TLS). Internal service-to-service calls use our hosting provider's private networking where configured.
Hosting & regions
- Web application and related Node workers run on Railway (container-based hosting). We do not operate our own data centers.
- Database and authentication are provided by Supabase (managed PostgreSQL and Supabase Auth). Access to org-scoped data is restricted with Postgres Row Level Security policies.
- Python agent / LangGraph service runs alongside the stack on Railway and communicates with the database and other APIs over private URLs where possible (see infrastructure docs for operators).
Data processors & third-party services
Depending on features you enable, Hugo processes data through subprocessors including (non-exhaustive):
- Supabase — hosted Postgres, Auth, Storage patterns as used by the product.
- Stripe — payments and billing customer records where checkout or subscriptions are used.
- OpenRouter (or similarly configured LLM providers) — model inference for AI features.
- Composio — OAuth connectors and third-party tool execution when integrations are enabled.
- Sentry — error reporting for the web app and services (may include scrubbed context).
- Vector memory (e.g. Qdrant) — episodic/semantic storage for agent memory when enabled for an organization.
Exact subprocessors per workspace depend on enabled integrations. A formal subprocessor list suitable for enterprise procurement is maintained with our DPA process — contact hello@hugo.app for the current list tied to your subscription.
Security controls (current)
- Tenant isolation via PostgreSQL RLS and organization membership checks in API routes.
- Authenticated Supabase sessions (HTTP-only cookies) for dashboard access.
- Secrets stored in environment configuration on the hosting platform — not in client bundles.
- Error monitoring to detect and fix production faults (Sentry).
What we do not claim here
We do not state that Hugo holds a specific third-party attestation (for example SOC 2 Type II) unless we have published verification separately. Marketing copy and pricing are aligned with that policy. If we complete an audit in the future, we will update this page and any public claims accordingly.
In progress / roadmap
- Expanded customer-facing documentation of subprocessors and data flows by product area.
- Continued hardening reviews as features and integrations expand.
- Optional enterprise artifacts (DPAs, questionnaires) through hello@hugo.app.
Report a concern
For security disclosures or privacy requests, email hello@hugo.app. For general product help, use Contact.