Your contacts, your network, your relationships — never shared, never sold, never used to train AI. Here's how that promise is structurally enforced.
Encryption
Sealed at rest and in flight
All data encrypted with AES-256 at rest and TLS 1.3 in transit. Your contacts never travel unprotected — not between your browser, our servers, or the 6away Engine. LinkedIn session cookies are AES-256-GCM encrypted before storage and never returned in plaintext from any API.
AES-256 · TLS 1.3 · AES-256-GCMIsolation
Every user is a fortress
All queries are scoped by user ID at the database layer. There is no query path that can reach another user's data. Isolation is structural, not policy. Destructive operations additionally verify row ownership before executing.
Infrastructure
Vercel Pro · Singapore
Automatic failover, DDoS protection, and 99.99% uptime SLA. Deployed in Singapore — close to where most of your data lives in the region.
Database
Neon PostgreSQL
Point-in-time recovery, automated backups, and branch-level isolation. Your data survives anything — and stays yours alone.
Authentication
Google OAuth 2.0 + magic link
We never see your Google password. Authentication flows through Google's secure OAuth with minimal scope requests. Magic link sign-in also available. Password changes require proof of the current password.
AI Processing
Ephemeral by design
AI nudges use GPT-4o Mini via the 6away Engine with zero training on your data. Processing is ephemeral — your relationship context never becomes a model's training set.
Privacy
Ghost profiles are private by default
Every imported contact starts as a private ghost profile — invisible to them, invisible to others. Nothing happens without your explicit action. Import is always private.
Uploads
Content-sniffed, not trusted
Profile photo uploads are validated server-side by sniffing magic bytes (JPEG/PNG/WebP) — the browser-reported MIME type is ignored. Files are served with the sniffed content type through the Vercel Blob CDN.