LIMITED TIME: Get 50% OFF your first year! Use code LAUNCH50 Claim Now →

1-833-GOSITEME Call Us 24/7 - Toll Free
1-833-GOSITEME
Toll-Free 24/7
 AI Hosting Token Packs SSL Certificates Training Server Support Build AI Server
GoCodeMe Online Download Editor Alfred AI — 875+ Tools Voice & AI Products — From $3/mo
Tool Directory Marketplace Pricing About Us Use Cases Compare Enterprise Documentation Changelog Fleet Dashboard Conference Rooms API Reference Getting Started Developer Portal Extensions IVR Builder Agent Templates Conversations Team Workspace SDKs Webhooks Analytics Creator Dashboard Help Center Security
Power-Up Add-Ons Domains News Contact Affiliate Program — Earn 20%
Français Login Get Started

Enterprise-Grade Security

Your data is protected by industry-leading security practices, encryption, and infrastructure — so you can focus on building, not worrying.

AES-256 Encryption TLS 1.3 GDPR Ready SOC 2 Roadmap

Security Pillars

Four foundational layers that protect every interaction with Alfred AI.

Data Encryption

All data is encrypted at rest with AES-256 and in transit using TLS 1.3. API tokens and secrets are hashed — never stored in plain text.

Access Control

Role-based access control (RBAC), multi-factor authentication (MFA), and strict session management ensure only authorized users access your data.

Infrastructure

DDoS protection, Web Application Firewall (WAF), rate limiting, and automated anomaly detection keep the platform resilient 24/7.

Compliance

SOC 2 Type II on our roadmap, GDPR ready, HIPAA considerations in place, and alignment with PCI DSS for payment handling.

Technical Details

A closer look at how we secure every layer of the stack.

Authentication & Authorization
  • Password hashing — bcrypt with a cost factor of 12; passwords are never stored in plain text.
  • Session management — HTTP-only, Secure, SameSite cookies; sessions invalidated on logout and after inactivity.
  • OAuth 2.0 — Sign in with Google and Facebook using industry-standard flows.
  • API keys — Scoped, rotatable keys with SHA-256 hashed storage.
  • Multi-factor authentication — TOTP-based 2FA available for all accounts.
Data Storage
  • MySQL encryption — Transparent Data Encryption (TDE) at the storage engine level; data at rest encrypted with AES-256.
  • Hashed tokens — API keys, webhook secrets, and session tokens are hashed before storage.
  • No plain-text secrets — Environment variables loaded from files outside the webroot; never committed to version control.
  • Automated backups — Daily encrypted backups with 30-day retention.
Network Security
  • HTTPS enforced — All traffic redirected to HTTPS via 301; HSTS enabled with includeSubDomains and preload.
  • Content Security Policy — Strict CSP headers prevent XSS, clickjacking, and unauthorized resource loading.
  • X-Frame-Options — Set to SAMEORIGIN to prevent framing attacks.
  • X-Content-Type-Optionsnosniff prevents MIME-type sniffing.
  • Rate limiting — mod_evasive and application-level throttling protect against brute-force and DDoS.
API Security
  • Rate limiting — Per-key and per-IP throttling; 429 responses with Retry-After headers.
  • Input validation — All inputs sanitized and validated server-side; prepared statements for all queries.
  • CSRF protection — Token-based CSRF guards on all state-changing endpoints.
  • Webhook signatures — HMAC-SHA256 signatures on all outbound webhooks for payload integrity verification.
  • CORS — Strict origin validation; only gositeme.com domains allowed.
Monitoring & Incident Response
  • Audit logging — All authentication events, API calls, and administrative actions are logged with timestamps and IP addresses.
  • Anomaly detection — Automated alerts for unusual login patterns, spike in errors, and suspicious API usage.
  • Incident response — Documented playbook with escalation tiers; target < 1 hour acknowledgement for critical issues.
  • Health monitoring — Real-time service health checks at /status with database, Redis, WebSocket, and MCP uptime tracking.

Compliance Matrix

How our security controls map to major compliance frameworks.

Security Feature SOC 2 GDPR HIPAA PCI DSS
Data encryption at rest (AES-256)
Encryption in transit (TLS 1.3)
Role-based access control
Multi-factor authentication
Audit logging
Data retention policies
Right to deletion
Incident response plan
Vulnerability management Roadmap Roadmap
Formal SOC 2 audit Roadmap

Responsible Disclosure

We value the security research community and welcome responsible reports.

Report a Security Issue

If you've discovered a potential vulnerability in Alfred AI or any GoSiteMe service, please report it to our security team. We investigate every report and aim to respond within 48 hours.

Scope

  • gositeme.com and all subdomains
  • Alfred AI platform (web, API, voice, WebSocket)
  • GoCodeMe IDE
  • Public-facing API endpoints

Rules of Engagement

  • Do not access, modify, or delete data belonging to other users.
  • Do not perform denial-of-service attacks or social engineering.
  • Provide a detailed description, reproduction steps, and potential impact.
  • Allow reasonable time for us to investigate and remediate before public disclosure.

Rewards

We offer recognition and, for qualifying vulnerabilities, rewards at our discretion. Severity is assessed using CVSS v3.1 scoring.

Hall of Fame

No submissions yet — be the first responsible reporter recognized here.

Data Processing

Transparency about how and where we handle your data.

Data Location

All primary data is stored on servers located in Quebec, Canada. We use Canadian data centres that comply with PIPEDA and Quebec's Law 25.

Retention Policies

  • Account data — Retained while account is active, deleted within 30 days of account closure.
  • Conversation logs — Retained for 90 days, then anonymized or deleted.
  • Audit logs — Retained for 1 year for security and compliance.
  • Backups — Encrypted daily backups retained for 30 days.

Deletion Rights

You may request the deletion of your personal data at any time by contacting privacy@gositeme.com. We process deletion requests within 30 days in accordance with GDPR and Quebec's Law 25.

Security FAQ

Common questions about how we protect your data.

Is my data encrypted?

Yes. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. API tokens and secrets are hashed with SHA-256 before storage — we never store them in plain text.

Where is my data stored?

All primary data is stored in secure data centres located in Quebec, Canada. Our infrastructure complies with Canadian privacy legislation (PIPEDA) and Quebec's Law 25.

Can I delete my data?

Absolutely. Contact privacy@gositeme.com to request full deletion of your personal data. We process requests within 30 days.

Do you sell my data to third parties?

No. We never sell, rent, or trade your personal information to third parties. Your data is used solely to provide and improve Alfred AI services. See our Privacy Policy for full details.

Is Alfred AI SOC 2 certified?

SOC 2 Type II certification is on our roadmap. We already implement the controls required by the Trust Services Criteria (security, availability, confidentiality) and are actively working toward a formal audit.

Security You Can Trust

Try Alfred AI with confidence — your data is protected by enterprise-grade security at every layer.

Try Alfred Free

Someone from somewhere

just launched website.com

Just now