Security

Your data security is our top priority

🔒

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We follow industry best practices for cryptographic security.

🛡️

Infrastructure

Application servers run on Vercel; the database is managed PostgreSQL on Neon (EU-Central-1). We are not currently SOC 2 certified; that programme is on our roadmap and we will not claim certification until it is signed.

👤

Authentication & Access Control

Authentication uses signed JWTs in httpOnly cookies. Passwords are stored as bcrypt hashes (cost 12). Admin endpoints are gated server-side by a database role, enforced both in the middleware and per route. TOTP-based 2FA is wired in the database and will be exposed in the UI shortly.

🔍

Monitoring & Auditing

Authentication, billing webhooks, and the AI generation endpoint emit structured logs. We have not yet completed an external penetration test; one is planned before the first paid customer is onboarded.

⚡

Incident Response

We have a dedicated incident response team and procedures. In the unlikely event of a security incident, we will notify affected users within 72 hours.

Report a Security Issue

If you discover a security vulnerability, please report it to us responsibly:

Contact Security Team