Security Practices

Our commitment to safeguarding systems, client code, and transactional databases.

Last updated: 14 June 2026

1. Infrastructure Hosting & Server Security

Our web assets and API services are hosted on Vercel's global edge network. Vercel uses enterprise-grade infrastructure built on top of Google Cloud Platform (GCP) and Amazon Web Services (AWS), with DDoS protection, server firewalls, and active load monitoring.

We enforce TLS 1.3 encryption for all data in transit. Plain HTTP connections are automatically redirected to HTTPS.

2. Database Protection & Encryption

Our system database operates on Neon serverless PostgreSQL, providing automated scaling, high availability, and separation of compute and storage elements.

All persistent database records are encrypted at rest using AES-256. Network access to our database is strictly limited using secure credentials and VPC routing rules.

3. Backups & Disaster Recovery

Point-in-time database restoration and hourly automated snapshots are enabled. Backups are stored across isolated geographic regions to guarantee data resilience in the event of local infrastructure disruptions.

Disaster recovery tests are conducted regularly to verify backup restoration speed and data integrity benchmarks.

4. AI Integration Security & Governance

We operate under a strict AI Governance Framework:

• Zero Data Retention: All customer data routed through external AI vendor APIs (e.g., OpenAI, Anthropic, Google Cloud AI) is processed with Zero Data Retention clauses. Customer inputs are never used to train public models.

• Enterprise Isolation: Inputs submitted to automated systems are sandboxed and routed using enterprise-tier API keys, isolated from generic consumer AI environments.

• Local Vector Buffers: Vector databases and retrieval systems are protected under standard access tokens and are strictly separated by project context.

5. Internal Access Controls

Administrative panel access is strictly governed. Multi-factor authentication (MFA) and cryptographic session key management restrict internal access to authorized personnel only.

Audit logs capture administrative actions, including data modifications, sitemap updates, and settings changes.