Security First

Your knowledge is valuable. We take security seriously with enterprise-grade protection for all users.

All data stored in our database is encrypted using AES-256 encryption. This includes your documents, URLs, and any extracted content.

All data transmitted between your browser and our servers uses TLS 1.3 encryption. API communications are always HTTPS.

PostgreSQL RLS policies ensure complete data isolation. Users can only access data within their organizations and pockets.

BYO API keys are encrypted with AES-256-GCM before storage. Keys are decrypted only when making API calls.

All sensitive operations are logged for compliance. Team plan includes full audit trail with user attribution.

Hosted on Vercel, Railway, and Supabase with SOC 2 compliance. Regular security updates and monitoring.

Compliance & Policies

Transparent policies to protect your data and privacy.

Data is stored in US-based data centers. Contact us for EU data residency requirements.

You control your data. Delete pockets, sources, or your entire account at any time with immediate effect.

We never share your data with third parties. LLM providers only see the context needed for your queries.

We have documented incident response procedures and will notify affected users within 72 hours of any breach.

We conduct regular security reviews and penetration testing to identify and address vulnerabilities.

Automated scanning for vulnerable dependencies with rapid patching of critical issues.

All code changes go through security review. We follow OWASP guidelines for secure development.

Principle of least privilege. Production access is limited and audited. No employee can access your data without authorization.

If you have security concerns or want to report a vulnerability, please contact us.