Security
Last updated: February 25, 2026
At Zeitclaim, we take the security of your data seriously. This page describes the measures we have in place to protect your information.
Data Encryption
- All data in transit is encrypted using TLS (HTTPS).
- Data at rest is encrypted by our infrastructure providers (Convex, Vercel).
Authentication
- Passwords are securely hashed — we never store passwords in plain text.
- OTP (one-time password) verification via email for account confirmation.
- Session tokens are securely managed and expire after inactivity.
- OAuth 2.0 via GitHub — when using social sign-in, authentication is delegated to GitHub. We receive only your basic profile data (name, email, avatar) via a short-lived authorization code exchange. Your GitHub password is never shared with us.
Infrastructure
- Hosting: Vercel (global edge network with automatic DDoS protection).
- Database: Convex (managed backend with built-in access controls).
- Analytics: PostHog EU Cloud (Frankfurt, Germany) — analytics data stays in the EU.
- Email: Resend (EU Ireland) for transactional email; Strato (Germany) for support email.
Payment Security
We never process or store payment card data. All payment processing is handled by our Merchant of Record, which uses PCI DSS-compliant payment processors.
AI Data Handling
- Google Gemini: Your chat messages are sent via API only during active requests. Google does not store API data or use it for model training.
- OpenAI Whisper: Voice audio is transcribed in real time and immediately discarded. No audio is stored on our servers or by OpenAI.
Access Control
- Only the service operator has access to production infrastructure.
- Database access is restricted and authenticated.
- Third-party services are limited to the minimum data required for their function.
Data Backup
- Database backups are managed by Convex as part of their infrastructure.
- Backups are used solely for disaster recovery.
Vulnerability Disclosure
If you discover a security vulnerability in Zeitclaim, please report it responsibly:
- Email: info@zeitclaim.com
- Please provide sufficient detail to reproduce the issue.
- We aim to acknowledge your report within 72 hours.
- Please allow us reasonable time to address the vulnerability before any public disclosure.
We appreciate responsible disclosure and will acknowledge your contribution.
Questions
If you have questions about our security practices, contact us at info@zeitclaim.com.