Security

Data in transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We do not support unencrypted HTTP connections for any authenticated endpoints.

Document handling

Documents you upload are sent to Anthropic's Claude API for processing under our enterprise agreement, which includes a data processing addendum and a no-training commitment. Anthropic does not use API inputs to train its models.

We do not permanently store the raw text of your uploaded documents. Only the generated précis, grader output, and associated metadata are retained in your generation history.

Authentication

Authentication is handled by Supabase Auth. Passwords are never stored in plaintext; they are hashed using bcrypt before storage. We support email/password login and Google OAuth.

Sessions are managed with short-lived JWTs. You can log out at any time to invalidate your session.

Access control

Row-level security (RLS) is enforced at the database layer. Users can only read and write their own data. Organisation members can access shared presets within their organisation, but cannot access data belonging to other organisations or users.

Service role credentials and API secrets are never exposed to client-side code.

Reporting a vulnerability

If you discover a security vulnerability, please report it responsibly to security@precisai.in. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly.