Your Data, Protected
We take security seriously. Here is how we protect your content and personal data.
Data Protection
Multiple layers of security protect your content at every stage.
Encrypted in Transit
All data is encrypted with TLS 1.3 during transmission. Every request between your browser and our servers is protected by industry-standard encryption protocols.
Encrypted at Rest
Your database is encrypted at rest via Supabase on PostgreSQL. Content, ideas, settings, and metadata are all stored with AES-256 encryption.
Row-Level Security
Every database query is filtered by user ID using PostgreSQL Row-Level Security policies. Users can only access their own data — no exceptions.
No Data Sharing
Your content is never shared with third parties, advertisers, or other users. Your ideas, drafts, and published content belong to you and only you.
AI Security
38Hub handles all AI infrastructure. Here is how we keep your data safe during AI operations.
All AI operations are managed by 38Hub's secure infrastructure. You never need to manage API keys or external accounts — AI is built into the platform.
AI requests are isolated per user. Your content is never mixed with other users' data during processing, and each request is independently authenticated and scoped.
We never log or store your AI request or response content. Prompts and completions pass through our API layer and are immediately discarded after delivery.
All AI provider credentials are managed at the infrastructure level with automated rotation, monitoring, and access controls. No sensitive keys are ever exposed to the client.
AI Data Policy
Your content stays yours. Here is our commitment to AI data handling.
Your content is NEVER used to train AI models. We have opted out of training data programs with all AI providers we integrate with, including Anthropic, OpenAI, and Google.
AI requests are made to providers (Anthropic, OpenAI, Google) through 38Hub's managed infrastructure. We facilitate the request securely but do not intercept or store the data.
We do not retain AI inputs or outputs beyond your active session. Once a response is delivered to your browser, the request data is purged from our processing layer.
You maintain full ownership and copyright of all AI-generated content. 38Hub makes no claims on the outputs produced through the platform.
Built on Supabase
Enterprise-grade infrastructure you can trust.
Powered by Supabase
Open-source backend infrastructure
All hosted on AWS infrastructure with SOC 2 Type II certification, multiple availability zones, and automated backups.
Compliance
Our commitment to data privacy standards and regulations.
GDPR-Ready
38Hub is designed with GDPR principles at its core. Users can export, modify, and delete their personal data at any time through self-serve controls.
Privacy by Design
Privacy is not a bolt-on — it is built into every feature from day one. We collect the minimum data necessary and default to the most private settings.
DPA Available
Data Processing Agreements are available on request for organizations that require formal documentation of our data handling commitments.
Regular Security Reviews
We conduct regular security reviews of our codebase, infrastructure, and third-party integrations to identify and address potential vulnerabilities proactively.
Found a Vulnerability?
We take all security reports seriously and appreciate responsible disclosure. If you have discovered a potential vulnerability, please let us know.
Report a VulnerabilityWe respond to all security reports within 48 hours.
Build with Confidence
Your content, your data, fully protected. Start creating with the security you deserve.