Security at Pokee AI

At Pokee AI, we are deeply committed to protecting your data. This page outlines the measures we take to ensure the security and integrity of your information.

Data Encryption

We employ robust encryption protocols to protect your data both in transit and at rest.

  • In Transit: All data transmitted between you and our servers is encrypted using industry-standard TLS 1.2 or higher. This ensures that your data is protected from eavesdropping and man-in-the-middle attacks.
  • At Rest: Your data stored on our servers is encrypted using AES-256, one of the strongest block ciphers available. This includes database entries, files, and backups.

Access Control

We adhere to the principle of least privilege, ensuring that access to your data is strictly limited.

  • Internal Access: Access to user data by Pokee AI employees is restricted to a small number of authorized personnel for the purposes of customer support and system maintenance. All access is logged and monitored.
  • User Authentication: We provide secure authentication methods for you to access your account, including support for third-party sign-in providers like Google and GitHub, leveraging their security measures.

Third-Party Integrations and Access Tokens

Pokee AI integrates with various third-party services to enhance its functionality. We handle your access tokens for these services with utmost care.

  • Token Encryption: All third-party access tokens (e.g., for Google Drive, Zoom, etc.) are encrypted at rest using AES-256.
  • Scoped Permissions: When you connect a third-party service, we only request the minimum permissions necessary for the integration to function. We never request broad access to your accounts.
  • Token Usage: Access tokens are only used to perform actions that you explicitly authorize within the Pokee AI platform. They are never shared with other third parties.
  • Revoking Access: You can revoke our access to any third-party service at any time from your account settings or from the third-party service's settings page. Upon revocation, the corresponding access token is immediately and permanently deleted from our systems.

Data Retention and Deletion

We have clear policies for data retention and provide you with control over your data.

  • Data Retention: We retain your data only for as long as your account is active or as needed to provide you with our services.
  • Data Deletion: You can request the deletion of your account and all associated data at any time. Upon receiving a deletion request, we will permanently remove your data from our production systems within a specified timeframe, as outlined in our Privacy Policy.

Compliance and Certifications

We are committed to adhering to industry-standard security and privacy frameworks. Pokee AI is built on infrastructure that complies with leading standards such as SOC 2, ISO 27001, and is GDPR compliant. We are continuously working to enhance our compliance posture.

Reporting Security Vulnerabilities

We value the contributions of security researchers and the community in helping us maintain a secure platform. If you believe you have discovered a security vulnerability, please report it to us at support@pokee.ai. We are committed to investigating and addressing all valid reports.

Contact Us

If you have any questions or concerns about security at Pokee AI, please do not hesitate to contact us at support@pokee.ai.