Circlebeta
Back to Legal Center

Data Security Policy

Last updated: June 7, 2025

Your data security is our highest priority. We implement military-grade encryption and zero-knowledge architecture to ensure that your information, including YouTube bearer tokens, remains completely private and secure, even from our own team.

Unique
Encryption Salts
Unique salts per data item
AES-256
Encryption Standard
Military-grade encryption
24/7
Security Monitoring
Continuous threat detection
Zero
Data Breaches
Perfect security record

Security Features

Data-Level Encryption

All sensitive data, including YouTube bearer tokens, is encrypted using industry-standard algorithms with unique salts and a master key.

AES-256-GCM encryption with unique cryptographic salts and master key derivation

Zero-Knowledge Architecture

Your encrypted data remains private to you alone, with client-side encryption ensuring no access by our team.

Client-side encryption ensures server-side data remains encrypted at all times

Secure CockroachDB Storage

Data is stored in CockroachDB with multiple layers of security controls and access restrictions.

Encrypted at rest using AES-256, with encrypted database connections (TLS 1.3)

End-to-End Encryption

All data, including data in transit to and from your device, is encrypted with unique salts and a master key, ensuring complete protection.

TLS 1.3 for transmission, AES-256 for storage, with perfect forward secrecy

Real-time Security Monitoring

24/7 automated monitoring systems detect and respond to potential security threats immediately.

SIEM integration with AI-powered threat detection and automated response

Secure Authentication

Authentication is handled securely via Supabase and Google Login, eliminating the need for password storage.

OAuth 2.0 with Supabase and Google Login, with secure token management

Our encryption implementation uses unique salts and a master key to ensure maximum security for all data, including YouTube bearer tokens.

Key Derivation

  • • Unique cryptographic salts per data item
  • • Master key derivation
  • • Memory-hard key stretching
  • • Protection against rainbow table attacks

Data Encryption

  • • AES-256-GCM authenticated encryption
  • • Unique initialization vectors per operation
  • • Authenticated encryption with additional data
  • • Perfect forward secrecy implementation

Zero-Knowledge Promise

Our encryption is implemented client-side, meaning your data, including YouTube bearer tokens, is encrypted before it reaches our servers. Only you have the keys to decrypt your data.

Compliance & Certifications

SOC 2 Type II

Comprehensive security, availability, and confidentiality controls

Certified

ISO 27001

International standard for information security management

Compliant

GDPR

European Union data protection and privacy regulation

Compliant

CCPA

California Consumer Privacy Act compliance

Compliant

Additional Security Measures

Regular security training for all employees
Secure software development lifecycle
Third-party security assessments
Data loss prevention (DLP) systems
Security incident response team
Continuous security improvement program

Your Data Rights

You have the right to:

  • Access and download your data at any time
  • Correct inaccurate information
  • Delete your account and all associated data
  • Port your data to another service
  • Restrict processing of your data

Data Protection Guarantees:

  • Data shared with Google Analytics for usage insights only
  • Encryption keys are never stored with encrypted data
  • Data is automatically deleted when you close your account
  • All data access is logged and monitored
  • Regular security audits ensure compliance

Security Contact

Report Security Issues

If you discover a security vulnerability or have concerns about our security practices, please contact our security team immediately.

Response Commitment

Critical issues: Immediate response (within 1 hour)
High severity: Response within 4 hours
General inquiries: Response within 24 hours