Security & Data Protection

Your trust is our top priority. We are committed to protecting your data with robust, multi-layered security.

Our Core Security Commitments

Your uploaded files are automatically and permanently deleted within 24 hours.
We never use your data for AI training, sell it, or share it with third parties.
All data is encrypted both in transit and at rest.
Our business model is built on privacy, not on monetizing your data.

We secure every connection to our service to prevent unauthorized access and ensure data integrity.

HTTPS/TLS 1.2+ Encryption: All API requests are encrypted using industry-standard protocols, ensuring your data is secure from eavesdropping.
SSL Certificate Verification: We enforce strict SSL certificate validation to prevent man-in-the-middle attacks.
Timeout Protection: Connections are protected with a 30-60 second timeout to prevent denial-of-service (DoS) attacks from tying up resources.
Rate Limiting: To protect against brute-force attacks and abuse, we limit API requests to 100 per 15-minute window per user.

Protecting your data as it moves to and from our servers is critical. We employ multiple layers of defense.

End-to-End Encrypted Transmission: Your data is encrypted from your browser to our servers, ensuring it remains private and secure throughout the entire process.
Request Validation & Sanitization: We validate and sanitize all incoming requests to protect against common web vulnerabilities like SQL injection and cross-site scripting (XSS).
GDPR and CCPA Compliance: Our data handling practices are designed to comply with major privacy regulations, giving you control over your information.
Minimal Personal Data Transmission: We only transmit the data necessary to perform the cleaning service. No unnecessary metadata or personal information is requested or stored.

We proactively monitor our systems to detect and respond to threats, ensuring the ongoing security of our platform.

Comprehensive Audit Logging: We maintain detailed audit logs of system activity, including timestamps, endpoints accessed, and status codes, for security analysis and incident response.
No Logging of Sensitive Data: Crucially, we never log the contents of your uploaded files or any other sensitive personal data. Our logs are for operational security only.
Regular Security Updates: Our systems and dependencies are regularly patched and updated to protect against newly discovered vulnerabilities.
Continuous Vulnerability Monitoring: We employ automated tools and regular reviews to continuously scan for and remediate potential security weaknesses in our infrastructure and code.

For a complete overview of our data handling practices, please review our full documentation:

Last Updated: January 2025