Security

How we protect your data

Authentication

We use Google OAuth 2.0 for authentication. We never store passwords. Sessions are managed via secure, HTTP-only cookies.

Data Encryption

All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256.

Payment Security

Payments are processed by Razorpay, a PCI DSS-compliant payment gateway. We never store card details on our servers.

Infrastructure

Our application runs on Vercel's global edge network. Our database is hosted on Supabase with daily automated backups and point-in-time recovery.

File Uploads

Uploaded files are scanned for malware before processing. Files are stored in Cloudflare R2 with private access controls.

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly to peppai.support@gmail.com. We aim to respond within 48 hours.