Security
How we protect your data
Security is foundational to ImageLayer. Your brand assets, prompts, and generated images are protected by industry-standard practices at every layer.
Encryption
All data in transit is encrypted with TLS 1.2 or higher. Data at rest — including brand assets, generated images, and database records — is encrypted using AES-256. Passwords are hashed with bcrypt using per-user salts.
Authentication & Access Control
API access is secured with scoped API keys. End-user authentication uses short-lived JWT session tokens generated server-side. The dashboard enforces role-based access with organization-level isolation — users can only access data within their organization.
Infrastructure
Our platform runs on isolated infrastructure with network-level segmentation. File storage uses Cloudflare R2 with signed URLs — assets are never publicly accessible. Database connections use encrypted channels with limited-privilege credentials.
Data Handling
- We do not use your prompts or generated images to train AI models
- Brand assets are stored in isolated, per-organization storage buckets
- Generated images are cached temporarily for delivery and expire automatically
- Account deletion removes all associated data within 30 days
API Security
API endpoints are protected by rate limiting and quota enforcement. All requests are authenticated and logged. API keys can be rotated at any time from the dashboard. Widget demo mode uses client-side Google AI keys that are never sent to our servers.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly by emailing security@imagelayer.io. We appreciate your help keeping ImageLayer and our users safe.