Company
Security and responsible deployment
How we think about auth, data handling, and safe defaults across web and native clients.
Shipping AI to real people means taking auth, transport security, and data handling seriously — even when you are moving fast.
This is how we think about responsible deployment across web and native clients. It is not a certification checklist; it is our engineering posture.
Security practices
- TLS 1.3 for data in transit; AES-256 for data at rest where applicable
- Supabase-backed authentication with secure session handling when you sign in
- Signed upload tokens on provider-heavy routes; optional internal API secret for operator endpoints
- Rate limiting and abuse protections on public APIs
- Production test helpers disabled; internal routes gated in production
Privacy and responsibility
We publish a privacy policy and terms of service. Users can review what we collect and how conversations are processed.
AI systems can leak sensitive information if misused. We default toward minimal retention where we can, clear consent for AI data use, and ongoing hardening as threats evolve.