Transport security
All traffic between your device and Ignored AI is served over HTTPS/TLS. HTTP requests are redirected to HTTPS. HSTS is enabled at the edge.
Encryption
- In transit: TLS 1.2+ for all client-server traffic and for connections to our sub-processors.
- At rest: account data, scan history, and uploaded files are stored on managed cloud infrastructure with disk-level encryption.
Authentication
- Passwords are never stored in plaintext; they are hashed with an industry-standard algorithm.
- Sign-in via third-party providers (e.g. Google, Apple) uses OAuth 2.0 / OpenID Connect.
- Session tokens are stored in secure, HTTP-only cookies or protected local storage and are rotated on sign-out.
Infrastructure
- Hosted on managed cloud platforms (Cloudflare edge, Supabase-managed database and storage).
- Access to production systems is restricted to a limited set of team members and gated by strong authentication.
- Automated dependency and security scanning runs on our source code.
- Server logs are retained for a limited period for security and reliability purposes.
Payment security
Payments are handled by our merchant of record, Paddle. We do not see or store your full card number, expiry, or CVC. Paddle is a PCI-DSS compliant payment provider.
Data isolation
- Row-Level Security is enforced at the database layer so users can only read and write their own records.
- Uploaded screenshots are stored in per-user buckets/paths and are not indexed publicly.
Protecting your account
- Use a unique, strong password (or sign in via a trusted provider).
- Do not share your account credentials.
- Sign out on shared devices.
- Contact us immediately at support@ignored.ai if you suspect unauthorised access.
Responsible disclosure
If you believe you have found a security vulnerability, please email support@ignored.ai with:
- a clear description of the issue and steps to reproduce it;
- the affected URL(s), request(s), or component(s);
- any proof-of-concept material (screenshot, minimal script).
Please do NOT:
- access or modify data that is not your own;
- run automated scans that degrade the Service;
- publicly disclose the issue before we have had a reasonable chance to fix it.
We commit to acknowledging valid reports within 3 business days and keeping you updated on remediation.
Limitations
No online service can guarantee absolute security. The controls above represent our current practices and may evolve over time. This page is intended to describe those controls transparently — it is not a certification of compliance with any specific standard.
Contact
Mkhd Paramount Global Proprietary Limited
Email: support@ignored.ai