Security & privacy
The AI sees your question.
Never you.
Every file is encrypted into its own silo, identifying details are stripped before any model call, and nothing you upload is ever used for training. This page is the exact inventory of how.
AES-256
Encryption at rest
TLS 1.3
Encryption in transit
Never
Training on your data
None
Cross-account access
None
Identity sent to providers
Discarded
Context after each answer
Isolated by architecture
Every account is a sealed silo — no code path lets one account read another's files. Chat context is discarded after every answer.
Encrypted everywhere
AES-256 at rest, TLS 1.3 in transit — enforced by default across our Supabase / AWS infrastructure.
Anonymized before the model
Names, emails, phones, and ID numbers are stripped before anything reaches an AI model, then restored in the answer. The model reads content, not identities.
never sent — names · contact details · IDs · request headers
Anonymous to the provider
Provider fields for user IDs stay empty. No customer ID, no identifying headers — your request looks like anyone else's.
Links are vetted first
Every link is resolved before it's fetched. Private and internal addresses are blocked, and each redirect is re-checked.
Keys stay with you
Connected-app tokens never touch our database — a breach can't leak keys we never held. Sign-in uses PKCE OAuth with server-side session limits.