Trust & Security

Security & Privacy

ReliableAI is designed for high-stakes professional work. Here is a complete, honest account of how your data is handled, what security measures are in place, and what rights you have.

🔒 HTTPS everywhere

🇪🇺 EU operated

🚫 No model training

📋 GDPR compliant

🗑️ Deletion on request

🔑 Encrypted sessions

📡 How your data flows

When you submit a query, ReliableAI routes it to the selected AI model APIs (Anthropic, OpenAI, Google, xAI, Moonshot, Alibaba) over HTTPS. The request is made server-side from our infrastructure — your IP is never exposed to model providers.

      What is sent to model providers: your question text and conversation history for the current session. Nothing else. No account information, no email, no metadata about you as a user is transmitted to AI providers.
    

All API connections use TLS 1.2+ with certificate validation
Responses are streamed directly to your session — not stored in transit
Model providers process requests under their standard API terms, which prohibit training on API inputs

🗄️ What we store

Data type	Where stored	Retention	Your control
Account (email, username, hashed password)	SQLite DB on our server	Until deletion requested	Delete via email
Query history	SQLite DB, encrypted at rest	30 days (Pro) / 365 days (Expert/Team) / 0 (Explorer)	Delete from app
Session cookie	Browser only (HttpOnly, Secure)	30 days	Clear browser data
Uploaded files (PDF/images)	SQLite as base64, associated with project	Until project deleted	Delete project
Billing info	Stripe (PCI-compliant)	Per Stripe policy	Via billing portal

🔑 Authentication & sessions

Passwords are hashed with bcrypt (12 rounds) — never stored in plaintext
Session cookies are HttpOnly (no JavaScript access), Secure (HTTPS only), SameSite: Lax
Sessions are stored server-side in SQLite — not in the cookie payload
Email verification required to unlock full features
Password reset via time-limited tokens (1-hour expiry)
Rate limiting: 20 auth attempts per 15 minutes per IP

🇪🇺 GDPR & your rights

ReliableAI is operated from the EU and designed to comply with GDPR. As a user you have the following rights:

Right of access: request a copy of all data we hold about you
Right to erasure: request full account and data deletion
Right to portability: export your query history from the app
Right to object: opt out of any non-essential processing
Right to rectification: correct inaccurate personal data

      To exercise any of these rights, email info@reliableai.net with subject "GDPR request". We respond within 72 hours. Data deletion is completed within 30 days.
    

A Data Processing Agreement (DPA) is available for Team plan customers on request.

🖥️ Infrastructure security

Hosted on Hostinger VPS in the EU region
HTTPS enforced via Let's Encrypt (auto-renewing)
All database queries use parameterized statements (no SQL injection risk)
Helmet.js HTTP security headers (XSS protection, HSTS, etc.)
Input sanitization on all user-supplied data
Rate limiting on all API endpoints
Admin access protected by role-based session authentication with full audit log

🤖 AI model provider policies

The following providers process query text via their APIs. Each prohibits using API inputs for model training:

Provider	No training on API data	Data residency	Privacy policy
Anthropic (Claude)	✓ Confirmed	US	anthropic.com/privacy
OpenAI (GPT)	✓ API opt-out default	US	openai.com/privacy
Google (Gemini)	✓ Confirmed	US/EU	ai.google.dev/terms
xAI (Grok)	✓ Confirmed	US	x.ai/privacy
Moonshot (Kimi)	⚠ Review recommended	CN	moonshot.cn
Alibaba (Qwen)	⚠ Review recommended	CN	alibabacloud.com

⚠ For work involving sensitive or regulated data, we recommend disabling Kimi and Qwen (CN-based providers) in your model selection.

🚨 Incident response

In the event of a security incident affecting user data:

Affected users will be notified by email within 72 hours
A public incident report will be published within 7 days
Regulatory notification to the relevant EU supervisory authority if required under GDPR Article 33

To report a security vulnerability, email info@reliableai.net with subject "Security disclosure". We aim to respond within 24 hours.

Questions about security or privacy?

We're happy to answer detailed questions from enterprise customers, legal teams and compliance officers.

info@reliableai.net →

Last updated: April 2026 · ← Back to home