Authentication and access control
Openbox uses Supabase authentication and server-side session checks to support role- and access-based protection for learner, administrator, and enterprise views.
Security and Privacy Overview
Openbox is built around authenticated access, server-side checks, secure checkout, protected video delivery, and clearly documented learner records. This page provides a high-level overview of our platform practices.
Last reviewed: July 13, 2026
Openbox uses Supabase authentication and server-side session checks to support role- and access-based protection for learner, administrator, and enterprise views.
Learning records are stored in PostgreSQL, with application-level access checks and policies designed to provide only the access each workflow requires.
Stripe processes checkout and billing. Openbox does not store full card numbers in its application.
Mux-backed course videos can use signed playback tokens, time-limited access, and request validation to reduce unauthorized playback and token misuse.
Completion records, assessment results, and certificates are generated from server-side course progress rather than editable values stored only in the browser.
Launch-readiness checks help confirm that required platform services are configured before checkout, video, administrative, and enterprise workflows go live.
This page summarizes Openbox platform practices. It is not a security audit, compliance certification, or legal statement. For applicable privacy and legal terms, review the Privacy Policy and Terms of Use.
Report a security concern