Security First, Always
Your conversations are precious. We protect them with enterprise-grade security while making AI accessible and powerful.
Our Security Promise
What We Protect
- Our conversations and message history
- Files and attachments we share
- Authentication credentials
- Personal preferences and settings
- All data transmission and storage
What We Never Do
- Sell or share our conversations
- Train models on our data without consent
- Allow unauthorized human access
- Store unencrypted sensitive data
- Compromise on security for features
How it works: Our conversations are encrypted in transit and at rest. When we chat with AI models, we route requests securely to the appropriate model provider. Our data stays protected at every step.
Enterprise-Grade Security Features
Built on industry-leading security infrastructure
Encrypted Storage
All conversations and data are encrypted at rest using industry-standard encryption. Our data is protected even if storage is compromised.
End-to-End Encryption
All data transmission uses HTTPS/TLS 1.3. Our conversations are encrypted from browser to servers and to AI model providers.
No Human Access
Our conversations are private. No human reads our chats unless legally required or explicitly requested for support.
Secure Authentication
Industry-standard authentication via Clerk. Multi-factor authentication is available. Session tokens are encrypted and short-lived.
Infrastructure Security
Hosted on Vercel's SOC 2 Type II certified infrastructure with automatic SSL, DDoS protection, and security monitoring.
Data Isolation
Strict data isolation ensures we can only access our own data. Database-level security prevents cross-user data access.
Trusted Security Partners
We leverage the security certifications of industry leaders
Clerk
Authentication and user management
Vercel
Infrastructure and hosting
Sentry
Error monitoring without data exposure
Compliance & Certifications We Inherit
Through our security partners, Carmenta benefits from enterprise-grade compliance and certifications. Your data is protected by the same standards used by Fortune 500 companies.
Technical Security Implementation
Encryption
- TLS 1.3 for all data in transit
- AES-256 for data at rest
- Encrypted database connections and backups
- End-to-end encryption for file uploads
Access Control
- Strict user isolation - you can only access your own data
- JWT-based authentication with short-lived tokens
- Rate limiting on all API endpoints
- IP-based blocking for suspicious activity
Monitoring & Response
- Real-time error tracking with Sentry
- Automated security scanning on all deployments
- 24/7 infrastructure monitoring by Vercel
- Immediate session revocation on suspicious activity
Data Handling
- Encrypted storage of conversations and files
- Request logs retained for 90 days (metadata only)
- Secure deletion on account termination
- Regular security audits and updates
What We Do
- Encrypt all data in transit and at rest
- Use industry-standard authentication
- Implement rate limiting and DDoS protection
- Monitor for security threats 24/7
- Run regular security audits and updates
- Revoke sessions immediately on request
- Maintain transparent security practices
What We Never Do
- Store your data unencrypted
- Share or sell your conversations
- Train AI models on your data without consent
- Allow unauthorized human access
- Log sensitive conversation content
- Keep data after account deletion
- Compromise on security for convenience
Security Questions?
We take security seriously. If you have questions about our security practices, found a vulnerability, or need more information for your compliance requirements, please reach out.