Security & Compliance

Encryption in Transit

Data transmitted between your browser and our servers is encrypted in transit using modern TLS. This helps prevent interception during transmission.

Encryption at Rest

Where applicable, stored data is protected using encryption at rest and access controls. Specific implementation details may evolve as the product matures.

End-to-End Protection

We aim to protect data throughout its lifecycle using a combination of encryption and access controls.

Cloud Infrastructure

AI Port is hosted on industry-leading cloud infrastructure with built-in security features:

• Redundant, geographically distributed data centers
• Automatic failover and backup systems
• DDoS protection and traffic filtering (where available)
• Monitoring and alerting

Network Security

• Network-level protections (where available)
• Ongoing vulnerability management
• Network segmentation and isolation
• Secure VPN access for administrative tasks

Authentication

• Secure Password Requirements: Minimum length, complexity requirements, and breach detection
• Two-Factor Authentication (2FA): Optional but strongly recommended for all accounts
• Session Management: Automatic timeout after inactivity, secure session tokens

Authorization

• Role-based access control (RBAC) for team accounts
• Principle of least privilege - minimal necessary permissions
• Audit logs of all access and changes

Data Minimization

We only collect and store data necessary to provide the Service. We don't collect unnecessary personal information.

Data Retention

Data is retained only as long as necessary:

• Chat history: Based on your plan (30 days to unlimited)
• Account data: Until account deletion plus 30-day recovery period
• Backups: Encrypted and deleted after 90 days

Data Deletion

When you delete your account, all personal data is permanently removed from production systems within 30 days and from backups within 90 days.

Development Security

• Secure coding practices and code review requirements
• Regular security training for all engineers
• Automated security scanning in CI/CD pipeline
• Dependency vulnerability monitoring and patching

Monitoring & Response

• Security monitoring and alerting
• Incident response plan with defined procedures
• Regular security audits and assessments
• Bug bounty program (coming soon)

GDPR (EU)

We comply with the General Data Protection Regulation:

• Lawful basis for data processing
• Data subject rights (access, deletion, portability)
• Data Processing Agreements (DPA) available
• Privacy by design and default

CCPA (California)

California Consumer Privacy Act compliance:

• We do not sell personal information
• Right to know, delete, and opt-out honored
• Non-discrimination for exercising privacy rights

AI Model Providers

We partner with security-conscious AI providers:

• Anthropic: provider policies apply
• OpenAI: provider policies apply

Other Vendors

All third-party vendors are vetted for security practices and sign Data Processing Agreements when handling personal data.

In the event of a security incident:

• Detection: Automated monitoring detects anomalies
• Containment: Immediate action to prevent further impact
• Investigation: Root cause analysis and forensics
• Notification: Affected users notified within 72 hours (as required by law)
• Remediation: Fixes implemented and security improvements made

Security is a shared responsibility. You can protect your account by:

• Using a strong, unique password
• Enabling two-factor authentication (2FA)
• Not sharing your account credentials
• Logging out on shared devices
• Keeping your recovery email secure
• Reporting suspicious activity immediately

If you discover a security vulnerability, please report it responsibly:

• Email: support@ai-port.me
• Provide detailed information about the vulnerability
• Allow us reasonable time to fix the issue before public disclosure
• We appreciate responsible disclosure and may offer recognition

Questions about our security practices?

• Email: support@ai-port.me
• General inquiries: hello@ai-port.me

Enterprise customers can request additional security documentation, including architecture diagrams and security questionnaires.