Security
Security is a core part of how we build InsightWorker. Here is an overview of the measures we take to protect your data and account.
Security Pillars
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Your files and credentials are never stored in plain text.
Authentication
Passwords are hashed with bcrypt. We support Google OAuth for passwordless login. Sessions are signed JWTs with short expiry windows.
Infrastructure
InsightWorker runs on Vercel's edge infrastructure. Files are stored in Vercel Blob with private access controls — only you can access your files.
Access Controls
Every API route enforces server-side authentication. File and analysis access is scoped strictly to the authenticated user — no shared data.
Dependency Management
We monitor our dependencies for known vulnerabilities and apply security patches promptly. Our build pipeline runs automated checks on every deployment.
Incident Response
In the event of a security incident, we commit to notifying affected users within 72 hours and providing a clear summary of impact and remediation steps.
Security Practices
Private blob storage — uploaded files are not publicly accessible by URL without authentication.
Anthropic API calls are made server-side only — your API keys are never exposed to the browser.
Database connections use SSL and are restricted to our application servers.
No third-party analytics or advertising scripts are loaded on authenticated pages.
Lemon Squeezy handles all payment processing — we never store card numbers or CVVs.
Contact form submissions are stored server-side and never shared with third parties.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly through our contact form. We take all reports seriously and will respond within 48 hours. Please do not publicly disclose the issue until we have had a chance to address it.
© 2025 InsightWorker, Inc.