Security
Your data security is our priority. Here's how we protect your information.
🔐
Data Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all our services.
At Rest
Data stored in our databases and file storage is encrypted using AES-256 encryption through AWS managed encryption services.
🔑
Password Security
- ✓Passwords are hashed using bcrypt with a strong salt factor
- ✓We never store plaintext passwords
- ✓Minimum 8 characters with complexity requirements (uppercase, lowercase, numbers)
- ✓Password reset tokens expire after 1 hour
🛡️
Authentication
- ✓Secure token-based email verification
- ✓OAuth authentication via trusted providers (Google)
- ✓Session tokens are cryptographically signed
- ✓Verification tokens are SHA-256 hashed before storage
📄
Document Handling
For products that handle documents (like RealtyShield):
- ✓Documents are processed for analysis only
- ✓Uploaded documents are automatically deleted after 30 days
- ✓You can request immediate deletion at any time
- ✓We never use customer documents to train AI models
☁️
Infrastructure
- ✓Hosted on Amazon Web Services (AWS)
- ✓US-based data centers (us-east-1 region)
- ✓PostgreSQL database with automated backups
- ✓Regular security updates and patching
🔍
Responsible Disclosure
If you discover a security vulnerability, we appreciate your help in disclosing it responsibly.
Please report security issues to: security@chameleonlabs.ai
See our security.txt for more details.