Security
Built to protect your work
AskCHOW handles your projects, files, memory, and decisions. We treat security as a core product requirement, not an afterthought.
🔐
Encryption at rest
All data stored in Supabase is encrypted at rest using AES-256.
🔒
TLS everywhere
All connections between your browser and our servers use TLS 1.3.
🛡️
No API key exposure
All AI and third-party API keys live in server-side environment variables. They are never exposed to the client.
⏱️
Rate limiting
All API endpoints are rate-limited per user and per IP to prevent abuse.
🍪
Secure sessions
Auth tokens are stored as httpOnly, Secure, SameSite=Strict cookies. They are not accessible via JavaScript.
🚫
Abuse protection
Browser fingerprinting and IP-based fraud detection are applied to free-tier signups.
📁
Secure file handling
Uploaded files are processed in memory. Contents are not retained after analysis unless explicitly saved.
🔑
Row-level security
Supabase RLS policies ensure users can only access their own data. No cross-user data leakage.
Memory security
AskCHOW's memory system is privacy-first:
• Private memory is never accessible via public pages without your explicit approval
• Memory items have source labels so you know where they came from
• You can view, edit, delete, or export all memory at any time from /memory
• Sensitive categories (health, legal, financial, relationship) are not auto-saved
• Memory export is available as JSON at any time
• Account deletion removes all memory within 30 days
Public pages
If you create a public AskCHOW page:
• Only memory items you explicitly mark "public" are accessible
• Private memory items are completely blocked from public page access
• Public pages are sandboxed — visitors cannot interact with your private data
• You can revoke public access at any time from Settings
Responsible disclosure
Found a security vulnerability? We take reports seriously and respond within 24 hours.
Email: security@askchow.ai