Security & Reliability
Your prompts, rules, and docs are your working knowledge. We treat them that way.
Security
- Encrypted everywhere. All traffic is HTTPS/TLS and data is encrypted at rest. Plain HTTP is redirected before it carries a byte.
- Passwords we can't read. Stored only as bcrypt hashes (12+ character policy). Three failed sign-ins lock the account until it's recovered.
- Two-factor authentication (optional). Add an authenticator-app code on top of your password, with one-time backup codes. With it on, a stolen password isn't enough.
- API tokens as hashes. We store a SHA-256 hash, never the token itself — it's shown to you once. Revoking a token cuts off access instantly, everywhere it was used.
- Sessions done right. httpOnly, secure, same-site cookies. Changing or resetting your password signs out every other device on the spot.
- You see every sign-in. A devices list shows every active session (sign any out), and we email you when your account signs in from a new device.
- Company controls. Roles on every workspace, VPN/IP allowlisting, instant member revocation, and an audit log of every change.
- Payments never touch us. Billing runs on Stripe; your card number goes to Stripe's vault, not our servers.
Reliability
- Every change is undoable. Full version history on every item — restore any previous version in one click. Anything you delete waits in the Trash for 30 days.
- No silent overwrites. Optimistic locking catches two people editing the same item and warns instead of clobbering; you can see who else is in an item.
- Backed up automatically. The whole database is backed up and encrypted automatically — a disaster-recovery net so a bad day for our servers isn't a bad day for your library.
- Grace, not cliffs. Go over a limit or let a plan lapse and libraries turn read-only with a 90-day grace window and email warnings — nothing vanishes out from under you.
- Idle never means deleted. We don't purge accounts for inactivity. Step away for a year — your library is waiting.
Your data & privacy
- Never used to train models. Your library is your private working knowledge. We don't sell it, mine it, or train anything on it. The only AI that sees your prompts is the one you send them to.
- No lock-in. Download any item as a real file, export a
.zip, or pull everything over the API and MCP. You can permanently delete your account yourself from Settings — no support ticket.
Related: Working with your library · Teams & Companies