Your designs are safe with us

Uploaded images are re-encoded through Pillow before processing. Your raw files are never served directly or accessible via URL. This prevents metadata leaks and ensures only safe image data enters our pipeline.

• In transit: All connections use HTTPS/TLS 1.2+
• At rest: Data encrypted via Supabase (AES-256)
• Secrets: API keys and credentials stored in encrypted environment variables

• Managed authentication via Supabase Auth (JWT-based sessions)
• Google OAuth 2.0 support
• Password hashing handled by Supabase's auth infrastructure
• Session tokens expire and refresh automatically

• Rate limiting on all API endpoints
• Input validation and sanitization
• Input validation and injection defenses
• CORS policies restrict cross-origin requests

Your designs are processed by automated analysis systems. We do not manually review uploaded designs as part of normal operations. Access to production data is restricted and logged.

Analysis results are retained as long as your account is active. You can request full data deletion at any time via your account settings or by contacting us.

Your designs are processed by our proprietary analysis engine. Under our data processing policies, design inputs are used solely for generating your analysis and are not used to train or improve any models.

In the event of a security incident, we follow a structured response process:

• Detection & containment within 24 hours
• Root cause analysis and remediation
• Notification to affected users within 72 hours
• Post-incident review and preventive measures

We maintain request logging and monitoring to detect anomalies.