SECURITY CENTER

Security

Security is core to DNUZ AI. Here is a transparent overview of how we protect your account, data, and conversations — built by a solo 16-year-old dev who takes it seriously.

Last updated: January 2025
ALL SYSTEMS SECURE

Authentication & Access

We use NextAuth.js with industry-standard OAuth and credential flows to manage authentication securely.

Password Hashing: bcrypt with salt rounds — passwords are never stored in plain text (Active)
Session Tokens: Signed JWT tokens with short expiry, stored in HttpOnly cookies (Active)
OAuth Providers: Google OAuth 2.0 — we only receive your email and profile info (Active)
Two-Factor Authentication: TOTP-based 2FA via authenticator apps (Coming Soon)

Data Encryption

All data in transit and at rest is encrypted using modern standards.

Transport Layer Security: TLS 1.3 enforced on all connections — HTTP is redirected to HTTPS (Active)
Database Encryption: MongoDB Atlas encrypted at rest with AES-256 (Active)
API Keys: Your API keys are stored encrypted and never logged (Active)
End-to-End Chat Encryption: In-transit encryption for all AI conversations (Coming Soon)

Infrastructure Security

DNUZ AI is deployed on Vercel's edge network with multiple layers of protection.

Vercel DDoS protection and rate limiting at the edge layer
Environment variables stored encrypted in Vercel — never committed to code
Database hosted on MongoDB Atlas with IP allowlisting and VPC peering
Automated vulnerability scanning on every deployment via GitHub Actions
No user data is logged to third-party analytics or monitoring platforms

Privacy by Design

We collect only what we need to run the service — nothing more.

Conversations are not used to train AI models without your explicit consent
We do not sell or share your data with any third parties for advertising
You can delete your account and all associated data at any time from Settings
Chat history is stored only to provide continuity — not for profiling
Anonymous usage analytics are opt-in and can be disabled in Privacy Settings

API Security

Our API is rate-limited and protected against common attack vectors.

Rate Limiting: Per-user and per-IP limits to prevent abuse and brute force attacks (Active)
CSRF Protection: Double-submit cookie pattern on all state-changing requests (Active)
Input Sanitization: All user inputs are validated and sanitized before processing (Active)
Content Security Policy: Strict CSP headers to prevent XSS and injection attacks (Enabled)

Vulnerability Reporting

Found a security issue? Please report it responsibly. We take all reports seriously and will respond within 48 hours.

We do not have a bug bounty program yet, but we genuinely appreciate responsible disclosure and will credit you publicly if you would like.

Do not publicly disclose the vulnerability before we have had a chance to fix it
Do not access, modify, or delete other users' data during testing
Include reproduction steps, impact assessment, and any proof-of-concept

Security Contact

Report vulnerabilities or ask security-related questions directly:

© 2025 DNUZ AI · BUILT BY DANUZZ