Your Data, Protected
We take security seriously. Here is how we protect your content, API keys, and personal data.
Data Protection
Multiple layers of security protect your content at every stage.
Encrypted in Transit
All data is encrypted with TLS 1.3 during transmission. Every request between your browser and our servers is protected by industry-standard encryption protocols.
Encrypted at Rest
Your database is encrypted at rest via Supabase on PostgreSQL. Content, ideas, settings, and metadata are all stored with AES-256 encryption.
Row-Level Security
Every database query is filtered by user ID using PostgreSQL Row-Level Security policies. Users can only access their own data — no exceptions.
No Data Sharing
Your content is never shared with third parties, advertisers, or other users. Your ideas, drafts, and published content belong to you and only you.
Your API Keys, Your Control
38Hub uses a Bring Your Own Key model. Here is how we keep your keys safe.
API keys are stored in your user profile, encrypted at rest using AES-256 encryption. They are never stored in plain text or in client-side storage.
Keys are only used for your requests — never shared, pooled, or used across accounts. Each API call is made with your individual key and billed to your provider account.
You can rotate or delete your keys at any time from the Settings page. Changes take effect immediately and old keys are permanently purged from our system.
We never log or store your AI request or response content. Prompts and completions pass through our API layer and are immediately discarded after delivery.
AI Data Policy
Your content stays yours. Here is our commitment to AI data handling.
Your content is NEVER used to train AI models. We have opted out of training data programs with all AI providers we integrate with, including Anthropic, OpenAI, and Google.
AI requests are made directly to providers (Anthropic, OpenAI, Google) using your personal API keys. 38Hub acts as a secure passthrough — we facilitate the request but do not intercept or store the data.
We do not retain AI inputs or outputs beyond your active session. Once a response is delivered to your browser, the request data is purged from our processing layer.
You maintain full ownership and copyright of all AI-generated content. 38Hub makes no claims on the outputs produced through the platform.
Built on Supabase
Enterprise-grade infrastructure you can trust.
Powered by Supabase
Open-source backend infrastructure
All hosted on AWS infrastructure with SOC 2 Type II certification, multiple availability zones, and automated backups.
Compliance
Our commitment to data privacy standards and regulations.
GDPR-Ready
38Hub is designed with GDPR principles at its core. Users can export, modify, and delete their personal data at any time through self-serve controls.
Privacy by Design
Privacy is not a bolt-on — it is built into every feature from day one. We collect the minimum data necessary and default to the most private settings.
DPA Available
Data Processing Agreements are available on request for organizations that require formal documentation of our data handling commitments.
Regular Security Reviews
We conduct regular security reviews of our codebase, infrastructure, and third-party integrations to identify and address potential vulnerabilities proactively.
Found a Vulnerability?
We take all security reports seriously and appreciate responsible disclosure. If you have discovered a potential vulnerability, please let us know.
security@38hub.comWe respond to all security reports within 48 hours.
Build with Confidence
Your content, your keys, your data. Start creating with the security you deserve.