Security
Your security is our top priority
🔒 Data Encryption
- All data is encrypted in transit using TLS 1.3
- API keys are encrypted at rest using AES-256
- Integration OAuth tokens are encrypted at rest
- Database connections use SSL encryption
- Passwords are hashed using bcrypt
👤 Authentication
- Email/password authentication with bcrypt-hashed passwords
- OAuth 2.0 with Google and GitHub
- CLI authentication via browser-based OAuth flow
- No passwords stored for OAuth users
- Session tokens expire after 7 days
- Two-factor authentication (coming soon)
🛡️ Privacy
- We never sell your data
- Your conversations are private
- We don't train AI models on your data
- You can delete your account anytime
- Integration data (Discord messages, Gmail, Calendar events) is accessed in real time via OAuth and is not stored in bulk on our servers
Read our full Privacy Policy
✅ Compliance
- GDPR compliant
- CCPA compliant
- SOC 2 Type II (in progress)
- Regular security audits
🔗 Integration Security
- OAuth 2.0 used for all third-party integrations
- Integration tokens stored encrypted at rest
- Refresh tokens automatically rotated on expiry
- Users can revoke integration access anytime from settings
- Supported integrations: Discord, Gmail, Slack, Microsoft Teams, Google Calendar, Notion, Google Drive, Jira
🚨 Report a Security Vulnerability
If you discover a security issue, please report it responsibly. Do not disclose it publicly until we've had a chance to address it.
Email: security@cachegpt.app