Security Practices

Introduction

Our web application is dedicated to ensuring the privacy and security of our users and their data. This document highlights the security measures we've implemented.

Secure Communication

  • TLS/SSL Encryption: All data transferred between our servers and clients' devices is encrypted using current TLS/SSL protocols. This ensures that sensitive information remains confidential in transit and cannot be read by a third party, even if the traffic is intercepted.

Authentication

  • E-mail Authentication: Our app uses Firebase's e-mail authentication method, which allows users to sign in securely without managing passwords. Users receive a one-time code or magic link to verify their identity, providing both security and convenience.

Data Security

  • Encryption at Rest: All data is encrypted at rest by MongoDB using an industry-standard algorithm: 256-bit Advanced Encryption Standard (AES-256) in Cipher Block Chaining (CBC) mode, provided by OpenSSL. Encryption keys are managed and rotated in Azure Key Vault.
  • Regular Backups: Data backups are taken regularly and are encrypted.
  • Siloed Customer Data: Every customer's data is siloed in a separate database, ensuring no commingling of data between customers.

Application Security

  • Robust Infrastructure: Our web application is hosted on Microsoft Azure, a leading cloud service provider known for its robust and secure infrastructure. Azure employs a wide range of security technologies and practices to safeguard data from external threats.
  • Regular Security Audits: We have onboarded Drata as our SOC 2 compliance platform and intend to obtain a SOC 2 Type 1 report in Q2 2025.

AI

  • AI Vendor: We use the Azure OpenAI API, whose data-use policy ensures that no customer data is used to train the underlying AI models.

Additional Steps

  • NDA: We will sign an NDA upon request.

Conclusion

Security is our top priority. We are committed to implementing the best practices to ensure the safety of our users and their data. We believe in transparency and are always open to feedback and queries related to our security practices.