Security

Your data is your business.

Your writing is deeply personal. Here's exactly how we protect it — and what to do if you ever find something wrong.

Encryption everywhere

  • All data in transit encrypted with TLS 1.3
  • All data at rest encrypted with AES-256
  • Database connections require encrypted channels
  • API keys and secrets stored in encrypted vaults, never in code

Access control

  • Row-level security (RLS) on all Supabase tables — users can only access their own data
  • Magic link authentication — no passwords stored or transmitted
  • Principle of least privilege for all internal systems
  • Team member access to production data is logged and audited

Infrastructure security

  • Hosted on Vercel (frontend) and Supabase / AWS (database) — enterprise-grade infrastructure
  • Automated vulnerability scanning in our CI/CD pipeline
  • Dependencies monitored for known CVEs
  • Regular security reviews of authentication and authorization flows

Your training data

The writing samples you upload are the most sensitive data you share with us. We treat them accordingly:

  • Training content is stored in isolation per user — no cross-user access is possible at the database level
  • We do not use your training content to improve our general AI models
  • Training content is not shared with third-party AI providers beyond what is necessary to generate your specific voice model
  • Deleting your account triggers deletion of all training content within 30 days

Third-party providers

We rely on the following infrastructure providers, each with their own security certifications:

  • Vercel: Frontend hosting — SOC 2 Type II certified
  • Supabase / AWS: Database and storage — SOC 2 Type II, ISO 27001
  • Anthropic / OpenAI: AI inference — data processed under zero-retention API agreements

Responsible disclosure

If you discover a security vulnerability in Draftveil, we want to know. We appreciate responsible disclosure and will work with you to understand and resolve the issue quickly.

01. Email us

Send a detailed report to security@draftveil.com. Include reproduction steps, potential impact, and any supporting evidence.

02. We acknowledge

You'll receive an acknowledgment within 24 hours confirming we've received your report and are investigating.

03. We investigate and fix

We aim to resolve confirmed critical vulnerabilities within 7 days and all others within 30 days.

04. We keep you informed

We'll update you on our progress and notify you when the issue has been resolved.

Security contact

For security vulnerabilities, email us at security@draftveil.com. Please do not report security issues through public GitHub issues or social media.
