Security

Your competitive intelligence data is sensitive. We take security seriously at every layer of the stack — from encryption to access controls to how we handle third-party integrations.

Encryption

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256 on our database and file storage systems.

Authentication & Access

Passwords are hashed with bcrypt (cost factor 12). We support Google OAuth 2.0 for passwordless login. JWT tokens with short expiration windows are used for API authentication.

Data Privacy

Your watchlists, queries, and uploaded documents are strictly private. We do not share, sell, or use your data for training AI models. Each tenant's data is logically isolated.

Infrastructure

The frontend is hosted on Vercel, with the backend on secure cloud infrastructure. The database runs on PostgreSQL with automated backups and point-in-time recovery.

Compliance

We are GDPR compliant. You can export or delete your data at any time from account settings. We maintain data processing records as required by EU regulation.

Application Security

We follow OWASP Top 10 security practices. Security headers (CSP, HSTS, X-Frame-Options) are enforced on all responses. We regularly audit dependencies and scan for vulnerabilities.

Third-Party AI Processing

CMOP uses Anthropic (Claude) and OpenAI APIs for document enrichment and AI chat features. When documents are processed:

  • Only document content is sent — never your personal data (name, email, account info).
  • Both Anthropic and OpenAI are contractually committed to not training on our API inputs.
  • All API communication occurs over encrypted connections (TLS 1.3).

Found a security vulnerability? Report it to contact@cmoinyourpocket.com and we will investigate promptly.