Security
How we protect your account, your data, and your payment information.
Authentication
Passwords are hashed with bcrypt before storage. Session tokens are httpOnly cookies that are never accessible to JavaScript. We do not store plaintext credentials anywhere.
Data storage
Your generation history and prompts are stored in a private database accessible only to your account. We do not share your content with other users or third parties.
AI processing
Email generation requests are sent to Anthropic's Claude API over encrypted HTTPS connections. We do not send identifying information (name, email address) to the AI — only your stated goal, context, and tone preferences. Anthropic's data usage policy governs API data handling.
Payment security
All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. We never store card numbers, CVVs, or other payment instrument details on our servers. Stripe handles all cardholder data.
Transport security
All traffic between your browser and our servers is encrypted via TLS 1.2+. We enforce HTTPS site-wide with HSTS headers.
Infrastructure
The application is deployed on Vercel's edge infrastructure. Database access is restricted to the application's runtime environment with principle of least privilege.
No AI training on your data
Your prompts and generated emails are never used to train AI models — ours or Anthropic's. Your content is yours.
Report a vulnerability
If you discover a security issue, please disclose it responsibly by emailing security@learnonlinewithai.com. We take all reports seriously and aim to respond within 24 hours.
For general data questions, see our Privacy Policy.