Security & Data Practices

    AI on the Fly

    Last updated: January 2025

    Your trust matters. We take data protection seriously and designed AI on the Fly around modern security standards, secure storage, and responsible data handling. This page describes how we protect your information, how our systems are secured, and the practices we follow internally.

    1. Platform Security

    Encrypted Data

    • All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
    • Data stored in our database (Supabase) is encrypted at rest.

    Infrastructure

    AI on the Fly uses:

    • Supabase for secure database, authentication, and storage
    • Stripe for payments (we never see or store your full card details)
    • Hostinger for website hosting
    • Lovable as the framework powering the app

    These services provide enterprise-grade infrastructure, continuous security updates, and monitoring.

    2. Authentication & Access Controls

    User Login Security

    • Passwords are stored as secure hashes (never in plain text).
    • Supabase authentication enforces modern hashing standards and rate-limited login attempts.

    Internal Access

    We operate on a "minimum access" model:

    • Only personnel involved in maintaining the platform have access to the database.
    • Access is logged and secured with two-factor authentication.
    • No one can access customer payment details; Stripe fully handles that.

    3. Data Storage & Retention

    What data we store

    We store only information required to operate your account:

    • Email
    • Basic profile information
    • Account preferences
    • Course progress or usage data (if applicable)

    We do not store:

    • Full payment card details
    • Sensitive personal information unrelated to your use of the service

    Backups

    Supabase generates encrypted backups automatically to protect against data loss.

    Data Retention

    • If you delete your account, your data is permanently removed from active systems.
    • Backups containing your data are deleted automatically on their rotation schedule.

    4. Billing & Payments (Stripe)

    • All payments are processed through Stripe, a certified Level 1 PCI-DSS compliant service.
    • We never handle or store full credit card numbers.
    • Stripe uses encrypted tokenization for all transactions.

    5. App Security Practices

    Database Security

    • Row-Level Security (RLS) rules ensure users only access their own data.
    • Service keys are restricted and never exposed in the client code.

    Environment Variables

    Sensitive keys and credentials are stored securely on the server and are never visible in the browser.

    Monitoring

    We monitor for:

    • Unexpected spikes in activity
    • Failed login attempts
    • Access anomalies
    • Server health issues

    6. Responsible AI Use

    AI on the Fly uses AI models to generate or personalize content. We ensure:

    • No user content is publicly shared or used to train external models
    • User data is processed only to deliver the intended features
    • AI outputs remain private to your account unless you choose to share them

    7. Your Rights and Controls

    You have control over your information. You may:

    • Access your data
    • Update your profile
    • Request deletion
    • Ask what information we store
    • Export a copy of your data (by emailing support)

    To request a data action, email: info@workforcediagnosticsllc.com

    8. Reporting a Security Issue

    If you believe you have found a vulnerability or security flaw, contact us immediately at: info@workforcediagnosticsllc.com

    We take all reports seriously and respond promptly.

    9. Ongoing Improvements

    Security is an ongoing process. We regularly:

    • Update dependencies
    • Review access logs
    • Improve RLS rules
    • Monitor infrastructure
    • Evaluate new security practices as AI and SaaS evolve