Security at FlavorGPT
Security is not a feature we bolt on — it's the foundation the entire platform is built on. Here's how we protect your data, your identity, and your workflows.
Fingerprint-First Authentication
No email required. Your 32-character fingerprint is your identity. We store only a hashed version — the original can never be recovered from our side.
Zero-Knowledge Encryption
Uploaded documents and knowledge base content are encrypted at rest. Your data is scoped to your account and inaccessible to other users or our internal teams.
No Training on Your Data
Your conversations, files, and generated outputs are never used to train AI models. Your data stays yours — period.
Encrypted Transit
All data transmitted between your browser and our servers is encrypted via TLS 1.3. API calls to model providers are routed through encrypted tunnels.
SOC2-Ready Architecture
Our infrastructure is designed to meet SOC2 Type II compliance requirements, with audit logging, access controls, and data residency configurations.
Scoped API Keys
Admin API keys (fgpt_*) are SHA-256 hashed at rest, support per-scope permissions, and can be set with expiration dates. No plaintext key storage.
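The scheme described above, sketched as an added example; this is not FlavorGPT's code. Only the fgpt_ prefix and the use of SHA-256 come from the page; the in-memory store, the function names and the scope strings such as "kb:read" are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

PREFIX = "fgpt_"   # prefix named on the page; everything else here is assumed
STORE = {}         # hypothetical table: SHA-256 digest -> key record


def _digest(key: str) -> str:
    # A fast unsalted hash is acceptable only because the key is a long
    # random token; it would not be adequate for human-chosen passwords.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_key(scopes, ttl_days=None, now=None) -> str:
    """Create a key, persist only its digest, return the plaintext once."""
    now = now or datetime.now(timezone.utc)
    key = PREFIX + secrets.token_urlsafe(32)   # 32 random bytes
    STORE[_digest(key)] = {
        "scopes": frozenset(scopes),
        "expires": now + timedelta(days=ttl_days) if ttl_days is not None else None,
    }
    return key


def authorize(presented: str, required_scope: str, now=None) -> bool:
    """Allow the call only for a known, unexpired key holding the scope."""
    now = now or datetime.now(timezone.utc)
    if not presented.startswith(PREFIX):
        return False
    record = STORE.get(_digest(presented))     # lookup by digest, never plaintext
    if record is None:
        return False
    if record["expires"] is not None and now >= record["expires"]:
        return False
    return required_scope in record["scopes"]


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample time
    k = issue_key({"kb:read"}, ttl_days=30, now=t0)
    print(authorize(k, "kb:read", now=t0))
    print(authorize(k, "kb:write", now=t0))
    print(authorize(k, "kb:read", now=t0 + timedelta(days=31)))
```

A leaked copy of the store exposes digests, scopes and expiry times, but no value that can be replayed as a key.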
Rate Limiting & Abuse Prevention
All API endpoints are protected by sliding-window rate limiting. Automated retry cascades are disabled on timed-out requests to prevent amplification.
Dependency Security
We maintain zero critical vulnerabilities in our dependency tree. Automated scanning runs on every deployment and all audit findings are resolved before release.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond within 48 hours.
[email protected]