Security & Privacy Trust Center

Sensitive data fields are encrypted at rest using AES-256-GCM with PBKDF2-derived keys. Encryption occurs at the application layer before database storage, ensuring data remains protected even in the event of infrastructure compromise.

All personally identifiable information is masked before display in administrative interfaces. Email addresses, names, IP addresses, and company identifiers are redacted using pattern-based masking. Raw PII is never exposed through API responses.

Search queries are hashed using SHA-256 before storage. Only anonymized hashes are retained for aggregate analytics — raw search text is never persisted. Contact information submitted with search requests is redacted at the point of collection.

Visitor tracking data is automatically purged after 90 days. Search telemetry follows a stricter 30-day retention window. Automated daily purge jobs ensure compliance with data minimization principles without manual intervention.

Tiered rate limiting protects all API endpoints against abuse and brute-force attacks. Authentication endpoints enforce strict limits (10 req/min), search endpoints use moderate limits (30 req/min), and general API traffic is capped at 120 req/min per IP.

Every administrative action is recorded in an immutable audit log with user identity, timestamp, action category, and metadata. Audit events cover report access, data exports, retention purges, model management, and system configuration changes.

Strict role separation between standard users and administrators. Administrative procedures are gated by server-side role verification. Tier-based feature access ensures users only see data appropriate to their subscription level.

Server-side log output is sanitized to prevent accidental PII exposure. Email addresses, bearer tokens, API keys, and JWT tokens are automatically redacted before being written to any log stream.