Security

Our Commitment to Security

At cece ai, we understand that you're trusting us with sensitive business communications. Security and privacy are our top priorities.

We implement industry-standard security practices and continuously monitor for threats to keep your data safe.

🔐 Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using HTTPS with TLS 1.3. This includes:

  • Login credentials
  • Email content
  • API requests and responses
  • Business information

Encryption at Rest

All data stored in our database (Supabase) is encrypted at rest using AES-256 encryption, including:

  • Email messages and conversations
  • User account information
  • Business configuration data

👤 Authentication & Access Control

Secure Password Storage: Passwords are hashed using industry-standard algorithms (SHA-256 with salt) and never stored in plain text
Minimum Password Requirements: Passwords must be at least 8 characters to prevent brute-force attacks
Session Management: Secure session tokens with automatic expiration
Business Isolation: Each business's data is isolated and only accessible to authorized users

🏗️ Infrastructure Security

Trusted Providers

We partner with industry-leading security-focused providers:

Vercel: Enterprise hosting with automatic DDoS protection
Supabase: PostgreSQL database with row-level security
Postmark: SOC 2 Type II certified email delivery
Anthropic: AI processing with strict data privacy (no training on your data)

Rate Limiting & DDoS Protection

We implement rate limiting (100 requests per minute per IP) on all public endpoints to prevent abuse and distributed denial-of-service attacks.

🛡️ Application Security

Input Validation: All user inputs are validated and sanitized to prevent injection attacks
XSS Protection: HTML and script tags are sanitized from email content to prevent cross-site scripting
SQL Injection Prevention: Parameterized queries prevent SQL injection attacks
CSRF Protection: Cross-site request forgery protections on state-changing operations
Security Headers: Proper HTTP security headers (Content-Security-Policy, X-Frame-Options, etc.)

🤖 AI Processing Security

We use Anthropic's Claude AI for email analysis and draft generation. Anthropic maintains strict data privacy standards:

No Training on Your Data: Your emails are NOT used to train Anthropic's AI models
Minimal Data Retention: Anthropic retains API data for only 30 days for abuse monitoring
Encrypted Transmission: All data sent to Anthropic's API is encrypted in transit
SOC 2 Type II Certified: Anthropic maintains enterprise-grade security certifications

🔒 Data Privacy

Your Data is Yours: You own your email data and can export or delete it at any time
No Selling of Data: We never sell your personal or business data to third parties
Minimal Data Collection: We only collect data necessary to provide the service
Transparent Privacy Policy: Clear documentation of what data we collect and how we use it

📊 Security Monitoring

Continuous Monitoring: Real-time monitoring of system health and security events
Automated Alerts: Immediate notification of suspicious activity or security incidents
Regular Audits: Periodic security reviews and vulnerability assessments
Dependency Scanning: Automated scanning for vulnerabilities in third-party libraries

🎯 Your Role in Security

Security is a shared responsibility. Here's how you can help keep your account secure:

  • Use a strong, unique password (8+ characters, mix of letters, numbers, symbols)
  • Don't share your account credentials with others
  • Log out from shared computers
  • Monitor AI-generated responses in your dashboard (full visibility into every action)
  • Report any suspicious activity to hello@meetcece.ai immediately
  • Keep your contact email up to date for security notifications

🚨 Incident Response

In the unlikely event of a security incident:

  • We will notify affected users within 72 hours
  • We will provide clear information about what happened and what data was affected
  • We will take immediate action to contain and remediate the incident
  • We will conduct a thorough post-incident review to prevent recurrence
  • We will cooperate with law enforcement and regulatory authorities as required

Report a Security Issue

If you discover a security vulnerability, please report it responsibly:

📧 security@meetcece.ai (or hello@meetcece.ai)

We appreciate responsible disclosure and will respond to all security reports within 24 hours.