Security

All data sent to or from KleoAI is encrypted in transit using 256-bit encryption. Our API and application endpoints are strictly TLS/SSL only.

Your data is also encrypted at rest within our databases. We utilize modern cloud providers that maintain compliance with SOC 2 and ISO 27001 standards.

We use industry-leading authentication providers (Firebase Auth) to manage your identity. Your passwords are never stored in plaintext on our servers; they are securely hashed and salted.

We support secure OAuth providers like Google, ensuring that we never even touch your password if you choose to sign in with an external account.

When you upload files (PDFs, images), they are transferred securely via signed URLs to private cloud storage buckets. Only our backend parsing services are granted temporary access to read the files.

Files are automatically scheduled for deletion after they have been processed and parsed into text, minimizing the footprint of your original documents on our servers.

We partner with enterprise-grade AI providers (such as Anthropic) to generate your quizzes. We have strict data processing agreements in place ensuring that your data is not used to train their base models.

The text extracted from your notes is sent to the AI securely, processed ephemerally, and the results are immediately stored back in your private database.

We monitor for suspicious activity, such as unusually high volumes of requests or logins from unknown devices. We employ rate limiting to protect our APIs from brute-force attacks and abuse.

If you believe your account has been compromised, please contact our support team immediately so we can lock the account and assist with recovery.