InnerSightInnerSightBack to Home

Security & Data Protection

Your thoughts are precious. Learn how we protect your most personal reflections with enterprise-grade security.

Last updated: January 2025

End-to-End Encryption

AES-256 encryption protects your data at rest and in transit

Zero-Knowledge Architecture

We can't access your decrypted journal entries

Secure Infrastructure

SOC 2 compliant hosting with regular security audits

Privacy by Design

Built from the ground up with privacy as a core principle

Data Encryption

Encryption at Rest

  • AES-256 encryption for all stored data
  • Unique encryption keys for each user account
  • Key rotation performed automatically every 90 days
  • Hardware Security Modules (HSMs) protect encryption keys

Encryption in Transit

  • TLS 1.3 for all client-server communications
  • Certificate pinning prevents man-in-the-middle attacks
  • Perfect Forward Secrecy ensures past sessions remain secure
  • HSTS enforcement prevents downgrade attacks

Zero-Knowledge Architecture

Your journal entries are encrypted on your device before being sent to our servers. We never have access to your unencrypted personal thoughts or reflections. Even our AI analysis happens on encrypted data using privacy-preserving techniques.

Infrastructure Security

Cloud Infrastructure

  • • SOC 2 Type II compliant hosting
  • • Multi-region data replication
  • • Automated backup and disaster recovery
  • • 99.9% uptime SLA

Database Security

  • • Encrypted database connections
  • • Regular security patching
  • • Access logging and monitoring
  • • Principle of least privilege

Network Security

  • • Web Application Firewall (WAF)
  • • DDoS protection and mitigation
  • • Intrusion detection systems
  • • Network segmentation

Monitoring & Logging

  • • 24/7 security monitoring
  • • Real-time threat detection
  • • Comprehensive audit logs
  • • Incident response procedures

Access Controls

User Authentication

Strong Authentication

  • • Multi-factor authentication (MFA)
  • • Biometric authentication support
  • • Password strength requirements
  • • Account lockout protection

Session Management

  • • Secure session tokens
  • • Automatic session expiration
  • • Device registration and tracking
  • • Concurrent session limits

Internal Access Controls

Employee Access

  • • Role-based access control (RBAC)
  • • Principle of least privilege
  • • Regular access reviews
  • • Background checks for all staff

Administrative Safeguards

  • • Multi-person authorization for sensitive operations
  • • Audit trails for all administrative actions
  • • Time-limited emergency access procedures
  • • Regular security training for all employees

AI Processing Security

Privacy-Preserving AI

Secure AI Processing

  • Federated Learning: AI models are trained without exposing individual data
  • Differential Privacy: Statistical noise protects individual privacy
  • Homomorphic Encryption: AI analysis on encrypted data
  • Local Processing: Sensitive analysis happens on your device when possible

Data Minimization

  • • Only necessary data is processed for insights
  • • Personal identifiers are removed from AI training data
  • • Temporary processing data is immediately deleted
  • • AI models cannot reconstruct original journal entries

Compliance & Certifications

Current Compliance

  • GDPR - European Union data protection
  • CCPA - California Consumer Privacy Act
  • SOC 2 Type II - Security and availability controls
  • ISO 27001 - Information security management

Planned Certifications

  • HIPAA - Healthcare data protection (2025)
  • ISO 27701 - Privacy information management (2025)
  • FedRAMP - Federal risk authorization (2026)
  • CSA STAR - Cloud security certification (2025)

Security Practices

Regular Security Assessments

Penetration Testing

Quarterly third-party security assessments

Vulnerability Scanning

Continuous automated security scanning

Code Reviews

Security-focused code review process

Incident Response

We maintain a comprehensive incident response plan with 24/7 monitoring and rapid response capabilities.

  • Detection: Real-time monitoring and alerting systems
  • Response: Immediate containment and mitigation procedures
  • Communication: Transparent user notification within 72 hours
  • Recovery: Systematic restoration and post-incident analysis

Protecting Your Account

Security Best Practices for Users

Account Security

  • • Use a strong, unique password
  • • Enable two-factor authentication
  • • Log out from shared devices
  • • Review account activity regularly

Device Security

  • • Keep your device OS updated
  • • Use device lock screens
  • • Avoid public Wi-Fi for sensitive activities
  • • Install security updates promptly

Security Contact

If you discover a security vulnerability or have security concerns, please contact our security team:

Security Email: innersightjournal@gmail.com

Subject Line: [SECURITY] - Brief description of issue

Response Time: We respond to security reports within 24 hours

Responsible Disclosure: We appreciate security researchers who report vulnerabilities responsibly. We're committed to working with the security community to keep InnerSight safe for everyone.

Security Updates

This security documentation is regularly updated to reflect our current practices and improvements. We continuously enhance our security measures and will update this page to reflect any significant changes to our security posture.