Your data security and privacy are our top priorities. We implement industry-standard practices to protect your information and give you full control over your data.
We use Google OAuth for secure authentication, eliminating the need to store passwords.
We follow the principle of least-privilege access, requesting only the minimum scopes necessary:
You can revoke access at any time through your Google Account settings, immediately disconnecting Gracia AI from your data.
All data is encrypted at rest using industry-standard AES-256 encryption.
Review replies and settings are stored in Supabase with Row Level Security (RLS) policies, ensuring your data is isolated and accessible only to your workspace.
Access tokens are encrypted before storage and decrypted only when needed for API calls.
We maintain audit logs of all critical actions for security monitoring and compliance.
Transactional emails are sent via Resend from our verified domain.
We only send:
All marketing emails include one-click unsubscribe links.
We follow reasonable security practices aligned with industry standards.
Payment card data is handled entirely by Stripe, a PCI-compliant payment processor. We never store or have access to your full card details.
We conduct regular security reviews and update our practices to address emerging threats.
Our infrastructure is hosted on Vercel and Supabase, both SOC 2 Type II certified providers.
For security concerns or questions, please contact us at: support@gracia-ai.com
For detailed information about data handling, please review our Privacy Policy and Terms of Service.
We respond to all security inquiries within 24 hours on business days.