Security and Privacy
Your personal data security and privacy are our top priorities
Passwordless Authentication
AI Hero uses passwordless authentication via one-time passwords (OTP) sent to your email. This eliminates password reuse vulnerabilities and password breach concerns, and provides a simpler, more secure user experience.
Security Features
HTTPS Everywhere
All data is encrypted in transit using HTTPS to protect your information from interception.
HTTP-Only Cookies
Session management uses HTTP-only cookies, which scripts running in the page cannot read, to protect your session against theft through XSS attacks and unauthorized access.
CORS Protection
Cross-Origin Resource Sharing (CORS) protection ensures that only authorized domains can access your data.
Input Validation
All user input is validated and sanitized to prevent SQL injection and other common vulnerabilities.
Data Privacy
We are committed to protecting your privacy and maintaining the confidentiality of your personal information. Our platform is designed with privacy by default, ensuring that your data remains yours.
- We never sell or share your data with third parties
- Your tasks, journal entries, and personal information remain confidential
- User data is isolated by realm, with no cross-realm data leakage
- API key management and OAuth scope limitations for third-party apps
Realm Isolation
AI Hero uses realm-based workspaces to keep different life areas cleanly separated:
- Personal realm for individual tasks and goals
- Family realm for shared household management
- Work realm for professional tasks and projects
- Custom realms for any organizational structure needed
Questions About Security?
If you have specific security or privacy questions, please email us at support@aihero.studio or visit our support page.