Security Architecture

How we protect your data through a defense-in-depth approach.

1. Secure by Design & Stateless Processing

Our most significant security feature is our stateless architecture. We believe the safest way to handle your personal AI conversations is to not store them at all.

  • Zero Persistent Storage: When you upload a chat export, it enters ephemeral storage with a strict 15-minute Time-To-Live (TTL). Once your migration kit is generated or the TTL expires, whichever comes first, the files are deleted.
  • No Attack Surface for Breaches: Because we do not persistently store user chat histories, prompts, or LLM-generated outputs, there is no database of user data to breach.
  • No User Accounts: We do not require you to create an account, meaning there are no passwords to leak or sessions to hijack.

2. The 5-Layer Security Stack

For any data that moves through our application, we employ a 5-layer defense-in-depth strategy to ensure malicious requests never reach our processing logic:

  1. Layer 1: Security Headers (Middleware) – We strictly enforce CSP, HSTS, and X-Frame-Options at the browser level: CSP limits where scripts can load from to blunt Cross-Site Scripting (XSS), X-Frame-Options prevents clickjacking, and HSTS forces HTTPS.
  2. Layer 2: Rate Limiting – Crucial endpoints are rate-limited to prevent brute-force attacks and resource exhaustion (DoS).
  3. Layer 3: CSRF Protection – State-changing requests are protected by HMAC-SHA256 cryptographic signing and single-use tokens to prevent forgery.
  4. Layer 4: Strict Input Validation – All incoming data and file structures are validated using strict Zod schemas before processing, eliminating injection vulnerabilities.
  5. Layer 5: Secure Error Handling – In the event of an error, our application fails securely. We use generic error messages in production to prevent information leakage about our server architecture.

3. Payment Security

We offload all payment processing to Stripe to completely bypass PCI-DSS concerns on our servers:

  • We never see, store, or transmit your credit card numbers.
  • All checkouts happen directly on Stripe's PCI-compliant infrastructure.
  • Webhook events from Stripe are verified cryptographically before any action is taken on our end.

4. Encryption in Transit

All traffic between your browser and our servers is encrypted using industry-standard TLS 1.3. Any data temporarily resting on our servers during the 15-minute processing window is encrypted at rest using AES-256.