Our Commitment to Security

At cece ai, we understand that you're trusting us with sensitive business communications. Security and privacy are our top priorities.

🔐 Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using HTTPS with TLS 1.3.

  • Login credentials
  • Email content
  • API requests
  • Business information

Encryption at Rest

All data stored in our database is encrypted at rest using AES-256 encryption.

  • Email messages
  • User accounts
  • Business data
  • Configuration

👤 Authentication & Access

Secure Password Storage:

Passwords hashed using industry-standard algorithms, never stored in plain text

Session Management:

Secure session tokens with automatic expiration

Business Isolation:

Each business's data is isolated and only accessible to authorized users

🏗️ Infrastructure Security

We partner with industry-leading security-focused providers:

Vercel:

Enterprise hosting with automatic DDoS protection

Supabase:

PostgreSQL with row-level security

Postmark:

SOC 2 Type II certified email delivery

Anthropic:

AI processing with strict data privacy

🛡️ Application Security

  • Input validation and sanitization to prevent injection attacks
  • XSS protection on all user-generated content
  • Rate limiting (100 requests/minute per IP)
  • SQL injection prevention via parameterized queries

🤖 AI Processing Security

We use Anthropic's Claude AI with strict data privacy:

  • Your emails are NOT used to train AI models
  • Data retained for only 30 days for abuse monitoring
  • Encrypted transmission to Anthropic's API
  • SOC 2 Type II certified infrastructure

Report a Security Issue

If you discover a security vulnerability, please report it through our coordinated disclosure channel.

📧 security@meetcece.ai

We aim to acknowledge valid security reports promptly and will follow up as we investigate.

Authorized testing boundaries

  • Test only accounts, workspaces, and data that you own or are explicitly authorized to use.
  • Do not access, modify, delete, or exfiltrate customer data or confidential business information.
  • Do not perform social engineering, phishing, spam, denial-of-service, or high-volume automated testing.
  • Stop testing and report promptly if you encounter data that does not belong to you.

What to include

  • A clear summary of the potential vulnerability and affected URL or endpoint.
  • Reproduction steps, screenshots, request/response details, or proof-of-concept code when safe to share.
  • Your assessment of impact and any conditions needed to reproduce the issue.
  • Contact information so we can ask clarifying questions and coordinate remediation.

Submitting a report does not create any bug bounty, payment, or reward obligation unless we have separately agreed to one in writing.