Security & Trust

At McLeuker AI, security is foundational to everything we build. We are committed to protecting your data and maintaining your trust through industry-standard security practices and transparent operations.

Data Encryption

Authentication & Access Control

We use Supabase Auth with OAuth 2.0 and PKCE (Proof Key for Code Exchange) for secure authentication. User sessions are managed via secure, HTTP-only cookies. We support Google OAuth for convenient and secure sign-in. Row-Level Security (RLS) policies ensure that users can only access their own data at the database level.

Infrastructure Security

Our infrastructure is hosted on enterprise-grade platforms (Vercel, Railway, Supabase) that maintain SOC 2 Type II compliance and undergo regular third-party security audits. We use environment-based secret management and never store API keys or credentials in source code.

AI Safety & Data Isolation

User data submitted to AI models is processed in real-time and is not used to train or fine-tune any models. Each user's conversation data is isolated at the database level through Row-Level Security policies. We do not share user data between accounts or with third parties beyond what is necessary to provide the Service.

Incident Response

In the event of a data breach, we will notify affected users and the relevant supervisory authority (CNIL) within 72 hours, as required by GDPR Article 33. Our incident response process includes immediate containment, investigation, notification, and remediation steps.

Responsible Disclosure

If you discover a security vulnerability in our platform, please report it responsibly to security@mcleuker.com. We appreciate the security research community and will acknowledge your contribution. Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.

Contact

For security-related questions or concerns, please contact security@mcleuker.com.