Security

Last updated: June 3, 2026

We take the security of your account and your data seriously. This page summarizes the measures we use to protect the Service.

Encryption in transit

All traffic between your browser and Cadreworks is encrypted with HTTPS/TLS. We redirect plain HTTP to HTTPS and use a certificate from a trusted authority.

Account protection

Passwords are stored only as salted bcrypt hashes — never in plain text.
Sessions use a signed, HTTP-only cookie that JavaScript cannot read, marked Secure over HTTPS, and they expire automatically.
"Sign in with Google" lets you authenticate without sharing a password with us.
Authentication endpoints are rate-limited to blunt brute-force and abuse.

Infrastructure

The Service runs on a hardened server with a restricted firewall and least-privilege access.
Your conversations are stored in a database that is not publicly reachable.
We keep our platform and dependencies updated.

AI data handling

To generate responses, prompts are sent to our AI model provider over encrypted connections. We transmit only what is needed for the response and do not sell your content. Please avoid sharing sensitive personal, financial, or confidential information in chats. See our Privacy Policy for details.

Responsible disclosure

If you believe you have found a security vulnerability, please report it privately to security@cadreworks.io. We appreciate good-faith research and will work with you to investigate and resolve valid issues. Please do not access other users' data or disrupt the Service while testing.

This page describes our current practices and is provided for transparency, not as a contractual guarantee. Security is continuously evolving and no system is perfectly secure.