Security Policy

1. General Provisions

  • This security policy defines the main measures for protecting user data and application infrastructure.
  • The policy is mandatory for all users, employees, and developers working with this application.

2. Data Storage and Processing

  • Users' personal data is stored in a secured database (PostgreSQL) with regular backups.
  • Access to data is limited to authorized users using a multi-level permissions system.
  • All files uploaded by users are stored in a separate secure storage and are accessible only to their owners and administrators.

3. Authentication and Authorization

  • User authentication is implemented using modern standards: the JWT session token is stored only in a cookie with the HttpOnly attribute (not readable by page scripts) and the Secure attribute (sent only over HTTPS).
  • Because the session token travels in a cookie, the browser attaches it to requests from any origin; protection against CSRF attacks (cross-site request forgery) is therefore implemented on all critical, state-changing endpoints.
  • Strict user rights checking is applied for access to personal data and operations.

4. Encryption and Communication Security

  • All data transmission between the client and the server is carried out over HTTPS (TLS).
  • User passwords are never stored in plaintext or in reversible encrypted form; only salted hashes produced by a deliberately slow password-hashing algorithm (bcrypt or a similar algorithm) are stored.
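
The mechanisms named in sections 3 and 4 (a JWT session token in an HttpOnly, Secure cookie, a CSRF check on state-changing requests, and slow salted password hashing) are shown below in an added example that is not part of the application's own code base. It uses only the Python standard library; scrypt stands in for bcrypt as the "similar algorithm" the policy allows. The HS256 signing, the per-run secret keys, the cookie name session, the X-CSRF-Token header and the sample credential are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from http.cookies import SimpleCookie

# Added example, not the application's code. Keys are generated per run here;
# a real deployment loads them from a secret store (assumption).
JWT_KEY = os.urandom(32)
CSRF_KEY = os.urandom(32)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- Section 4: password storage. scrypt (stdlib) is a salted, memory-hard,
# deliberately slow hash; the stored value cannot be reversed into the password.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # about 16 MiB of memory per hash


def hash_password(password: str) -> str:
    """Self-describing record: algorithm, parameters, random salt, digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P,
                                      b64url(salt), b64url(digest))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, n, r, p, salt, digest = stored.split("$")
        if algo != "scrypt":
            return False
        expected = b64url_decode(digest)
        actual = hashlib.scrypt(password.encode(), salt=b64url_decode(salt),
                                n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except ValueError:  # malformed record
        return False
    return hmac.compare_digest(actual, expected)


# --- Section 3: minimal HS256 JWT, HttpOnly cookie, CSRF token bound to it.
def create_jwt(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token: str, key: bytes, now=None):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # bad structure, base64 or JSON
        return None
    if header.get("alg") != "HS256":  # pin the algorithm: no "none", no confusion
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return None
    return claims


def session_cookie(token: str) -> str:
    """Set-Cookie value: HttpOnly (no script access), Secure (HTTPS only),
    SameSite=Strict (browser omits it on cross-site requests)."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def csrf_token(session_token: str) -> str:
    """Derived from the session, so a third-party origin cannot produce it;
    the server hands it out in a hidden form field or a script-readable value."""
    return hmac.new(CSRF_KEY, session_token.encode(), hashlib.sha256).hexdigest()


def authorize_request(method: str, cookie_header: str, headers: dict, now=None):
    """Claims for an allowed request, else None. Safe methods need only the
    cookie; state-changing methods must also present a valid X-CSRF-Token."""
    cookies = SimpleCookie(cookie_header)
    if "session" not in cookies:
        return None
    token = cookies["session"].value
    claims = verify_jwt(token, JWT_KEY, now)
    if claims is None:
        return None
    if method.upper() not in ("GET", "HEAD", "OPTIONS"):
        submitted = headers.get("X-CSRF-Token", "")
        if not hmac.compare_digest(submitted.encode(), csrf_token(token).encode()):
            return None
    return claims


def demo() -> dict:
    stored = hash_password("correct horse battery staple")  # constructed credential
    token = create_jwt({"sub": "user-42", "exp": int(time.time()) + 3600}, JWT_KEY)
    with_csrf = {"X-CSRF-Token": csrf_token(token)}
    return {
        "login_ok": verify_password("correct horse battery staple", stored),
        "login_bad": verify_password("Tr0ub4dor&3", stored),
        "set_cookie": session_cookie(token),
        "get_allowed": authorize_request("GET", f"session={token}", {}) is not None,
        "post_without_csrf": authorize_request("POST", f"session={token}", {}) is not None,
        "post_with_csrf": authorize_request("POST", f"session={token}", with_csrf) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two checks that matter for the policy's claims are visible in authorize_request: the HttpOnly cookie alone is enough for a GET, but a POST is refused unless the caller also proves it could read the CSRF token, which a cross-site page cannot.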

5. Development and Operations Security

  • Only up-to-date and trusted versions of third-party libraries and dependencies are used.
  • All changes undergo code review and testing before deployment.
  • Regular security audits and monitoring of suspicious activity are conducted.

6. Backup and Recovery

  • The database and user files are regularly backed up to secure servers.
  • Fast data recovery procedures are implemented in case of failures.

7. User Responsibility

  • Users are required to use strong passwords and must not share their credentials or other account data with third parties.
  • Uploading malicious files or inappropriate content is strictly prohibited.
  • If a vulnerability or suspicious activity is discovered, the user must immediately notify the project administration.

8. Incident Response

  • In the event of incidents or data breaches, an internal investigation is immediately conducted.
  • Users will be notified of any breaches or incidents as soon as possible via the contact information provided during registration.

9. Changes to the Security Policy

  • The security policy may be amended, with users being notified via the website and/or email.