Data Security
How MeasureLLM protects your data with enterprise-grade security
Overview
At MeasureLLM, security is a top priority. We implement industry-leading security measures to protect your data, maintain compliance, and ensure your information remains private and secure.
- All data encrypted in transit and at rest using AES-256
- Hosted on secure cloud infrastructure with 99.9% uptime
- SOC 2 Type II certified, GDPR compliant
- Role-based access with audit logging
Encryption
Data in Transit
All data transmitted between your browser and MeasureLLM servers is encrypted:
- TLS 1.3 encryption for all connections
- HTTPS enforced across all endpoints
- HSTS enabled to prevent downgrade attacks
- Certificate pinning for mobile apps
Data at Rest
All stored data is encrypted using industry-standard methods:
- AES-256 encryption for databases
- Encrypted backups
- Encrypted file storage
- Key management via AWS KMS
Infrastructure Security
Cloud Hosting
MeasureLLM is hosted on Amazon Web Services (AWS) with enterprise-grade security:
- SOC 1, SOC 2, SOC 3 certified data centers
- ISO 27001 certified infrastructure
- Physical security with 24/7 monitoring
- Redundant power and cooling systems
Network Security
- Web Application Firewall (WAF)
- DDoS protection via AWS Shield
- Private VPC networking
- Network segmentation
- Intrusion detection systems
High Availability
- Multi-AZ deployment for redundancy
- Automated failover
- 99.9% uptime SLA
- Real-time monitoring and alerting
[Diagram: Security Architecture, showing the layers of security protection]
Access Control
Authentication
- Password requirements (minimum 8 characters, complexity rules)
- Two-factor authentication (2FA)
- Single sign-on (SSO) for Enterprise
- Session management with automatic timeout
Authorization
- Role-based access control (RBAC)
- Principle of least privilege
- Project-level permissions
- API key scoping
Audit Logging
All security-relevant events are logged:
- Login attempts (successful and failed)
- Permission changes
- Data access and modifications
- API key usage
- Admin actions
Data Handling
Data Collection
We only collect data necessary for the service:
- Account information (email, name)
- Keywords you choose to track
- Visibility data from public AI platforms
- Usage analytics for service improvement
Data Retention
- Active account data: Retained while account is active
- Deleted data: Removed within 30 days
- Backups: Retained for 90 days, then securely destroyed
- Logs: Retained for 1 year for security purposes
Data Deletion
You can request data deletion at any time:
- Go to Settings → Data & Privacy
- Click "Export All Data" to get a copy first
- Click "Delete Account"
- Confirm deletion
All data is permanently deleted within 30 days.
Application Security
Secure Development
- Security-focused code reviews
- Automated security scanning
- Dependency vulnerability monitoring
- Regular penetration testing
Vulnerability Management
- Regular security assessments
- Bug bounty program
- Rapid security patch deployment
- Responsible disclosure policy
Employee Security
- Background checks for all employees
- Security awareness training
- Access limited to job requirements
- NDA and confidentiality agreements
- Secure remote work policies
Incident Response
We have a comprehensive incident response plan:
- 24/7 security monitoring
- Defined escalation procedures
- Rapid response team
- Customer notification within 72 hours of confirmed breach
- Post-incident analysis and improvements
Security Certifications
| Certification | Status |
|---|---|
| SOC 2 Type II | Certified |
| GDPR | Compliant |
| CCPA | Compliant |
| ISO 27001 | In Progress |
Report a Security Issue
If you discover a security vulnerability, please report it responsibly:
- Email: [email protected]
- Do not publicly disclose until resolved
- Provide detailed reproduction steps
- We'll respond within 24 hours
Questions? Contact our security team at [email protected] or review our Security page for more details.