Security at Mistify

We take security seriously. Your notes and data are protected with enterprise-grade security measures.

Our Security Features

End-to-End Encryption

Your notes are encrypted in transit and at rest using industry-standard AES-256 encryption.

Secure Infrastructure

Hosted on Vercel's secure infrastructure with automatic SSL, DDoS protection, and global CDN.

Privacy by Design

We never read your notes. AI processing is done in isolated environments without data retention.

License-Based Access

Secure license key system ensures only authorized users can access the application.

Payment Security

All payments processed through Stripe with PCI-DSS Level 1 compliance. We never store card details.

Regular Audits

We conduct regular security audits and penetration testing to identify and fix vulnerabilities.

Security Best Practices

All data transmitted using TLS 1.3
Passwords hashed with bcrypt
Session tokens expire automatically
Rate limiting on all API endpoints
Input validation and sanitization
SQL injection protection
XSS attack prevention
CSRF token protection

How We Handle Your Data

Note Content

Your notes are stored encrypted and are only decrypted when you access them. Our team cannot read your notes. When using AI features, content is processed in isolated environments and is not stored or used for training.

Account Information

We store only the minimum information needed: your email for license delivery and support. Payment information is handled entirely by Stripe - we never see or store your card numbers.

Data Retention

Your data is retained as long as your license is active. After expiration, you can request data export. We permanently delete data upon request, typically within 30 days.

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to our security team and we'll respond within 24 hours.

Contact Security Team
Built with v0