Security
How we protect your data and our infrastructure.
Encryption
AES-256 at rest. TLS 1.2+ in transit. All data encrypted end-to-end between your browser and our infrastructure.
Authentication
Every API endpoint requires authentication. No anonymous access to user data or AI inference routes.
Infrastructure Monitoring
24/7 automated monitoring: uptime probes, dependency scanning, cost anomaly detection, certificate expiry tracking, and API abuse detection.
Dependency Security
Automated weekly dependency audits via Dependabot across all workspaces. Critical vulnerabilities trigger immediate alerts.
Data Isolation
Strict tenant isolation. User data is never shared between accounts and never used for AI model training.
Vendor Security
All infrastructure vendors (Supabase, Vercel, OpenRouter, Twilio) are SOC-2 Type 2 certified. Quarterly vendor assessments.
Incident Response
Documented incident response plan with severity classification, response timelines, and 72-hour breach notification commitment.
Security Headers
HSTS with preload, X-Frame-Options DENY, X-Content-Type-Options nosniff, strict Referrer-Policy, and locked-down Permissions-Policy.
Report a vulnerability
If you discover a security issue, please email andysalvo26@gmail.com. We take all reports seriously and will respond within 24 hours.
Get in touch.
Building accountability infrastructure for AI systems. If you are working on the same problem, we should talk.
- ECD PaperExplicit Commitment Debt
- Lacuna ProtocolWitnessed Accountability for Multi-Agent Systems
- SecurityHow we protect your data
- PrivacyPrivacy Policy
- TermsTerms of Service
- Andyandysalvo26@gmail.com
- Jamesonjamesonackerman2024@gmail.com