Your Security is Our Priority

Data Protection

Encryption Standards

• At Rest: Industry-standard encryption for all stored data
• In Transit: TLS encryption for all data transmission
• Passwords: Secure hashing (Firebase Authentication)
• Backups: Automatic encrypted backups via Firebase

Infrastructure Security

• Hosted on Google Cloud Platform (Firebase)
• Built-in DDoS protection via Google Cloud
• Firebase Security Rules for data access control

Authentication & Access

User Authentication

• Secure password requirements (minimum 8 characters, complexity rules)
• Biometric authentication (Face ID, Touch ID, fingerprint)
• Optional PIN code for additional security
• Session management with automatic timeouts
• Login attempt monitoring and lockout protection

Third-Party Access

• OAuth 2.0 for social login (Google, Apple)
• Polar.sh for payment processing (Merchant of Record)

Privacy Practices

• We never sell your personal data
• We never share your data with third parties for marketing
• We never use your data for AI training
• Voice recordings are processed and immediately deleted
• Minimal data collection - only what's needed for the service
• Full data export and deletion available on request
• GDPR and CCPA compliant

Incident Response

• Security monitoring via Firebase and Google Cloud
• User notification of any data breaches as required by law

Compliance

• GDPR (General Data Protection Regulation) - we respect EU user rights
• CCPA (California Consumer Privacy Act) - we respect California user rights
• PCI DSS compliance via Polar.sh (Merchant of Record) for payment processing