How we protect you
Security
Security is built into AaiBuddy from the data model up. A few of the practices we hold ourselves to during the preview.
Credentials
Passwords are stored only as salted hashes — never in plain text — and reused passwords are rejected on reset.
Password-reset and verification codes are single-use, time-limited, attempt-limited, and stored only as hashes.
Secrets & tokens
Third-party tokens for connected products live in a dedicated secrets manager. Our database keeps only a reference, so raw secrets never sit in app storage.
Transport & access
Traffic is served over TLS. Access to data is scoped per account and guarded by signed, expiring session tokens.
Sessions can be reviewed and revoked, and sign-out ends the active session.
Responsible disclosure
Found something? We welcome reports and will work with you to confirm and fix issues quickly.
Effective 1 June 2026 · Early preview · Report: security@aaibuddy.local