Privacy by design. Transparent controls. Responsible AI.
Core Security Principles
Our platform is built with a security-first mindset from the ground up.
Authentication & Session Management: Secure JWT validation on every request, short-lived access tokens, and device-bound sessions.
Authorization & Data Isolation: Strict role-based access control (RBAC) and row-level security in our database ensure you only see the data you're supposed to.
Data Protection: We enforce TLS 1.3 for all services and encrypt all data at rest using AES-256. Backups are encrypted with separate key material.
Privacy & Compliance
We respect user privacy and are committed to compliance.
Privacy by Design: We practice data minimization, collecting only what is necessary for progress tracking.
User & Parental Controls: We provide tools for GDPR data subject rights (export, delete) and parental consent for minors (COPPA).
Voice Data Handling: All voice processing happens locally on-device. Voice data is deleted immediately after processing by default.