At StorySmith, we take the security of your data and content seriously. We implement industry-standard security measures to protect your information and ensure a safe writing environment.
All data transmitted between your device and our servers is encrypted using TLS 1.3. Your content is encrypted at rest using AES-256 encryption. API keys and sensitive credentials are encrypted using .NET Data Protection APIs before storage.
We use ASP.NET Core Identity with secure password hashing (PBKDF2) and support for multi-factor authentication. User sessions are protected with secure cookies and timeout mechanisms. Access to your content is restricted to your account only.
Our servers are hosted on secure cloud infrastructure with regular security updates and patches. We implement network firewalls, intrusion detection, and monitoring systems to protect against unauthorized access and attacks.
When you provide your own API keys (BYOK - Bring Your Own Key), they are encrypted before storage and never exposed in logs or error messages. Keys are decrypted only when needed for API calls and are never transmitted to third parties except the intended AI service providers.
We conduct regular security audits and vulnerability assessments. Our codebase is reviewed for security best practices, and we stay updated with the latest security advisories and patches.
Your content is automatically backed up on a regular schedule. We maintain redundant backups in geographically distributed locations to ensure data availability and recovery in case of incidents.
In the event of a security incident, we have procedures in place to quickly identify, contain, and remediate issues. Affected users will be notified promptly in accordance with applicable data breach notification requirements.
You play an important role in keeping your account secure. Use a strong, unique password, enable multi-factor authentication if available, and never share your account credentials. Report any suspicious activity immediately.
If you discover a security vulnerability, please report it responsibly through our security contact channels. We appreciate your help in keeping StorySmith secure for all users.