Trust & Security

AI App Ninja just launched. We're a small team building in public. We are not SOC 2, ISO 27001, HIPAA, or PCI certified, and we don't claim to be. As we grow, we plan to formalize our security program and pursue independent audits — when that happens, we'll publish the report details here.

• Sign-in is handled by our managed authentication provider with hashed credentials.
• Sessions use secure, HTTP-only cookies and short-lived tokens.
• Administrative access to production data is limited to the core team.

• All traffic is served over HTTPS (TLS).
• Data at rest is stored on managed cloud infrastructure with encryption enabled by the provider.
• Row-level access rules restrict reads and writes to the data each user owns.

We build on managed cloud services for hosting, database, authentication, and email. Each provider has its own security and compliance posture. We'll publish a full subprocessor list when we have business customers who need one.

• We collect the minimum needed to run the site — see the Privacy Policy.
• We don't sell personal information.
• We don't run cross-site advertising trackers.

Security is a shared model. We secure the platform and our code; you protect your account by using a strong, unique password and keeping your devices secure.

If you believe you've found a security issue, please contact us privately before public disclosure. We appreciate responsible reports and will respond as quickly as we can.

We'll grow our security program in step with the product. When we add features for business customers (teams, SSO, audit logs), we'll evaluate formal frameworks like SOC 2. We won't claim certifications we haven't earned.