Security Policy
Last updated: 2026-05-19
This page describes the technical and organizational measures Citipen (operated by TAK Trading Co., Ltd.) uses to protect your account, data, and transactions, and the security obligations that apply to you as a user. For how we process personal data, see /privacy.
1. Transport security
- All traffic between your browser and Citipen is encrypted with TLS 1.2+ (HTTPS). HTTP is redirected to HTTPS.
- HSTS is enabled on the citipen.com domain.
- Internal services on our infrastructure (Z8 GPU server, image/voice/transcript APIs) are reached only through Cloudflare-authenticated tunnels — never exposed to the public internet directly.
2. Authentication & accounts
- Identity is delegated to Clerk (SOC 2 Type II certified). Passwords are never stored on our servers.
- Social login via Google is supported; Clerk handles OAuth flows.
- Sessions use short-lived JWTs with secure, HTTP-only, SameSite cookies.
- You can enable multi-factor authentication (MFA / 2FA) from your Clerk user profile.
- Suspicious sign-in attempts trigger Clerk's rate-limiting and bot-protection layers.
3. Data at rest
- Application database (Neon Postgres) is encrypted at rest (AES-256) and located in AWS us-east-1.
- OAuth refresh tokens for connected storage providers are encrypted with a per-record key before being written to the database.
- Generated media (images, videos, audio) is temporary and not retained server-side longer than necessary to deliver the result to you.
4. Payments
- Card payments are processed by SePay (PCI-DSS compliant gateway working with VPBank and Mastercard MPGS). Card data never touches Citipen's servers.
- Bank transfers in Vietnam are reconciled via signed SePay webhooks (HMAC-SHA256, header X-Secret-Key).
- USDT TRC-20 deposits are matched by exact amount on-chain via TronScan polling.
- Every credit adjustment is logged immutably in a transaction ledger.
5. AI provider isolation
- Requests to third-party AI providers (fal.ai, DeepSeek, Anthropic, Groq, Replicate, Apify) are made server-side. Your inputs are passed through but our internal credentials are never exposed to your browser.
- We do not sell your prompts or outputs to third parties.
- Where supported (e.g. AI Gateway), zero-retention mode is preferred so providers do not store prompts.
6. Logging & monitoring
- Operational logs include tool invocations, timestamps, credit charges, and success/failure — used for billing accuracy and abuse detection.
- Logs do not retain full prompt content beyond what is required for short-term debugging.
- Vercel platform logs are retained per Vercel's policy.
7. Incident response
If we discover a security incident that affects your data, we will notify you and the appropriate regulators within the timeframes required by applicable law (within 72 hours under GDPR where applicable). We maintain a documented incident response process covering detection, containment, eradication, recovery, and lessons learned.
8. Your security responsibilities
You agree to:
- Keep your password and any MFA factors confidential.
- Use a strong, unique password (or social login + MFA).
- Sign out from shared or public devices.
- Promptly notify us at [email protected] of any unauthorized access, suspicious activity, or compromised credentials.
- Not attempt to probe, scan, or test the vulnerability of any Citipen system without prior written authorization.
9. Responsible disclosure
Security researchers may report vulnerabilities to [email protected]. Please include reproduction steps, do not exfiltrate user data, do not disrupt service, and give us a reasonable window (90 days) to remediate before public disclosure.
10. Changes
We may update this policy as our infrastructure evolves. Material changes will be announced on this page with a new “Last updated” date.
Contact
Security: [email protected] · Legal: [email protected]