DueTomorrow
--

Security & Privacy

How we protect your data and ensure service security

Last updated: January 30, 2025

Data Protection Overview

At DueTomorrow, security and privacy are fundamental to our service design. We implement multiple layers of protection to ensure your content and personal information remain secure.

Core Security Principles

  • Privacy by Design: Security and privacy considerations built into every feature
  • Minimal Data Collection: We only collect data necessary to provide our service
  • Transparent Processing: Clear information about how your data is handled
  • User Control: You maintain control over your data and account
Content Security

Text Processing Security

  • No Permanent Storage: Your original and paraphrased text is not permanently stored
  • Temporary Processing: Content is processed in memory and automatically deleted
  • Isolated Processing: Each user's content is processed in isolation
  • Secure Deletion: All traces of your content are securely removed after processing

Data Encryption

  • In Transit: All data transmitted using TLS 1.3 encryption
  • At Rest: Account data encrypted using industry-standard AES-256
  • Processing: Content encrypted during AI processing pipeline
  • Backups: All backups are encrypted and securely stored
Infrastructure Security

Cloud Security

  • Secure Infrastructure: Hosted on enterprise-grade cloud platforms
  • Access Controls: Multi-factor authentication required for all administrative access
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Audits: Periodic security assessments and penetration testing

Application Security

  • Secure Development: Security-first development practices and code reviews
  • Input Validation: All user input is validated and sanitized
  • Rate Limiting: Protection against abuse and automated attacks
  • Dependency Management: Regular updates and security scanning of all dependencies
Privacy Controls

What We Don't Do

  • No Content Training: Your content is never used to train our AI models
  • No Data Selling: We never sell your personal information or content to third parties
  • No Unauthorized Access: Your content is never accessed by our staff except for technical support when explicitly requested
  • No Long-term Storage: Your text content is not stored beyond the processing session

User Privacy Rights

  • Data Access: Request copies of all data we have about you
  • Data Correction: Update or correct your personal information
  • Data Deletion: Request complete deletion of your account and data
  • Processing Opt-out: Control how your data is processed
Compliance & Certifications

Regulatory Compliance

  • GDPR: Full compliance with European Union data protection regulations
  • CCPA: Compliance with California Consumer Privacy Act
  • SOC 2: Undergoing SOC 2 Type II certification for security controls
  • Data Processing Agreements: Available for enterprise customers

Third-Party Security

  • Stripe: PCI DSS compliant payment processing
  • Supabase: Enterprise-grade database security and authentication
  • Vercel: Secure hosting with global CDN and DDoS protection
  • Regular Assessments: All third-party services undergo security reviews
Incident Response

Security Monitoring

  • 24/7 Monitoring: Continuous monitoring of our systems and infrastructure
  • Automated Alerts: Real-time detection of potential security threats
  • Log Analysis: Comprehensive logging and analysis of system activities
  • Threat Intelligence: Integration with security threat databases

Incident Response Plan

  • Rapid Response: Security incidents are addressed within 1 hour of detection
  • User Notification: Affected users are notified promptly of any security incidents
  • Transparent Communication: Regular updates during incident resolution
  • Post-Incident Review: Comprehensive analysis and improvements after incidents

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

  • Email: [email protected]
  • Response Time: We acknowledge security reports within 24 hours
  • Responsible Disclosure: Please allow us to address issues before public disclosure
  • Bug Bounty: We recognize and reward responsible security researchers
Data Retention & Deletion

Content Retention Policy

  • Text Content: Automatically deleted immediately after processing completion
  • Session Data: Cleared when you close your browser or session expires
  • Account Data: Retained while your account is active
  • Usage Logs: Anonymized usage statistics retained for up to 12 months

Account Deletion

When you delete your account, we ensure complete data removal:

  • Immediate: Account access is immediately revoked
  • 30 Days: Personal data is permanently deleted from active systems
  • 90 Days: Data is purged from all backups and archives
  • Legal Requirements: Some data may be retained longer for legal compliance
Security Best Practices for Users

Account Security

  • Strong Passwords: Use unique, complex passwords for your account
  • Two-Factor Authentication: Enable 2FA when available for additional security
  • Regular Updates: Keep your browser and operating system updated
  • Secure Networks: Avoid using public Wi-Fi for sensitive content

Content Security

  • Sensitive Information: Avoid including personal identifiers in text content
  • Review Output: Always review paraphrased content before use
  • Copyright Awareness: Ensure you have rights to content you're paraphrasing
  • Academic Integrity: Use our tools ethically and in accordance with institutional policies
Contact Security Team

For security-related inquiries, vulnerabilities, or concerns:

  • Security Email: [email protected]
  • Response Time: Security issues are prioritized and addressed within 24 hours
  • Encrypted Communication: PGP key available upon request for sensitive communications
  • Responsible Disclosure: We work with security researchers to address vulnerabilities responsibly