Security

Data Protection

• • Transport security via HTTPS/TLS 1.2+
• • Authentication managed by Firebase Auth
• • Segregated user data by authenticated UID
• • Principle of least privilege for cloud resources
• • Access to production restricted and audited

Secure Payments

Payments are processed by our payment processor (e.g., Stripe). Card details never touch our servers. We use webhooks for post‑payment confirmation and do not store full PANs.

Data Retention & Deletion

Transient report inputs are retained up to 30 days unless you save them to your account. You can delete saved reports anytime from your account history.

Monitoring & Incident Response

• • Basic logging on API and function invocations
• • Alerting for abnormal error rates and webhook failures
• • Customer notification for incidents impacting data confidentiality, integrity, or availability

Responsible Disclosure

If you believe you've found a vulnerability, please contact us at security@aiautoreport.com. We appreciate coordinated disclosure.