Security

Our Security Approach

As a student project, we implement security measures appropriate for educational purposes. Our security approach focuses on basic protection while maintaining the educational nature of the project.

Data Protection Measures

Encryption

• In Transit: All data transmission uses HTTPS/TLS encryption
• At Rest: Basic encryption for stored data (limited scope)
• File Processing: Temporary encryption during AI processing

Access Controls

• Basic authentication for service access
• Limited access to processing systems
• Student-level access controls (not enterprise-grade)

Data Retention

• Automatic Deletion: All uploaded files deleted within 24 hours
• Processing Data: Temporary storage only during analysis
• Logs: Basic error logs retained for debugging (anonymized)

Infrastructure Security

Hosting Security

• Cloudflare: Secure hosting with DDoS protection, global CDN, and rate limiting
• SSL Certificates: Valid SSL certificates for all connections

Network Security

• HTTPS-only connections
• Basic firewall protection
• Rate limiting to prevent abuse
• No direct database access from public internet

AI Processing Security

Our AI processing includes basic security measures:

• Google Gemini API: Secure API communication with authentication
• Data Isolation: Each request processed independently
• No Data Persistence: AI models don't retain your data
• Basic Validation: File type and size validation

Security Limitations

Important: As a student project, we have limitations:

• No enterprise-grade security audits
• Limited security monitoring and alerting
• Basic incident response capabilities
• No dedicated security team
• Limited penetration testing
• No SOC 2 or similar certifications

Data Privacy

We take privacy seriously within our student project constraints:

• No Data Selling: We never sell or share your data
• Minimal Collection: We collect only necessary data
• Automatic Deletion: Data deleted within 24 hours
• No Tracking: Basic analytics only, no personal tracking

Security Best Practices for Users

To help maintain security, please:

• Only upload non-sensitive documents
• Don't upload confidential or personal information
• Use strong, unique passwords for any accounts
• Keep your browser and devices updated
• Report any security concerns immediately

Incident Response

In case of a security incident:

• We will investigate and respond as quickly as possible
• We will notify affected users if necessary
• We will take appropriate remedial action
• Note: Response times may be longer than commercial services

Vulnerability Reporting

If you discover a security vulnerability, please report it to:

Email: mliudev@proton.me
Subject: "Security Vulnerability Report"
Response Time: We will acknowledge within 48 hours and investigate promptly

Third-Party Security

We rely on these third-party services for security:

• Cloudflare: Secure hosting, deployment, and DDoS protection
• Google Gemini: Secure AI processing
• Next.js: Secure web framework

Regular Updates

We regularly update our student project to address security issues:

• Dependency updates for security patches
• Framework updates for latest security features
• Code improvements based on security best practices
• Regular review of security measures

Contact Information

For security-related questions or concerns:

Email: mliudev@proton.me
Project Creator: Michael Liu
Institution: University of Rochester
Response Time: Within 48 hours (student project limitations apply)