Security & Trust

Enterprise-grade security for your AI-powered project management

🔒 Peak implements comprehensive security measures to protect your data, projects, and F.R.I.D.A.Y. AI interactions

🔒 Data Protection & Encryption

Encryption Standards

  • Data in Transit: TLS 1.3 encryption for all client-server communications
  • Data at Rest: AES-256 encryption for database storage via Supabase
  • AI Communications: End-to-end encrypted channels with OpenAI and Anthropic
  • Payment Security: PCI DSS compliant processing through Stripe
  • Session Security: Encrypted session tokens with secure cookie policies

Database Security

Supabase PostgreSQL Security: Our database layer includes Row Level Security (RLS), automated backups, and strict access controls ensuring your data is isolated and protected.

🛡️ Infrastructure & Platform Security

Cloud Infrastructure

  • Secure Hosting: Multi-tier architecture with secure cloud infrastructure
  • Environment Isolation: Strict separation between staging and production environments
  • Network Security: Firewalls, intrusion detection, and network monitoring
  • DDoS Protection: Automated scaling and traffic filtering to prevent attacks
  • Geographic Redundancy: Multi-region backups and disaster recovery

System Maintenance

  • Regular Updates: Automated security patches and system updates
  • Vulnerability Scanning: Continuous monitoring for security vulnerabilities
  • Dependency Management: Regular updates to all third-party libraries
  • Security Monitoring: 24/7 monitoring with automated alert systems

Deployment Security

Staging Environment

peak-staging-48e3716c52b4.herokuapp.com - Isolated testing environment

Production Environment

peak.gocovalent.com - Hardened production infrastructure

🔐 Authentication & Access Control

User Authentication

  • Secure Login System: Multi-factor authentication support with secure password policies
  • Session Management: Secure, encrypted session tokens with automatic expiration
  • OAuth Integration: Secure authentication with trusted providers
  • Account Security: Password strength requirements and breach monitoring
  • Age Verification: 18+ only access policy for compliance and security

Access Control & Permissions

Project-Level Security

  • Individual user data isolation
  • Organization-based access controls
  • Team member invitation and permission management
  • Project ownership and sharing controls

Data Isolation

  • Row Level Security (RLS) in database
  • User-specific data encryption keys
  • Workspace isolation (General Workspace: 008c7006-c8aa-465c-8354-0db3bd52e6d2)
  • Cross-tenant data prevention

🤖 F.R.I.D.A.Y. AI Security

AI Data Processing Security

Zero-Training Policy: Your data is never used to train OpenAI's or Anthropic's base models. F.R.I.D.A.Y. uses contextual memory for personalization only, without modifying the underlying AI systems.

AI Partner Security

OpenAI Integration

  • Realtime 4o Voice API with transient audio processing
  • Enterprise-grade API security and encryption
  • No permanent voice data storage
  • GDPR and SOC 2 compliant processing

Anthropic Integration

  • Advanced text analysis with privacy protection
  • Constitutional AI safety measures
  • Encrypted API communications
  • Data minimization principles

F.R.I.D.A.Y. Memory & Context Security

  • Conversation Memory: 60-day retention with user-controlled deletion
  • Context Encryption: User-specific encryption for conversation context
  • Memory Isolation: Cross-project memory segregation
  • Semantic Security: Advanced embeddings with privacy protection
  • Agent Deployment: Secure, isolated AI agent processing

🚨 Incident Response & Monitoring

Security Monitoring

  • Real-Time Monitoring: 24/7 automated security monitoring and alerting
  • Intrusion Detection: Advanced threat detection and prevention systems
  • Log Analysis: Comprehensive security event logging and analysis
  • Performance Monitoring: System performance and availability tracking

Incident Response Process

Critical Security Incidents

  • Immediate automated response within minutes
  • User notification within 24 hours
  • Full investigation and remediation
  • Post-incident security improvements

Backup & Recovery

  • Automated Backups: Daily encrypted backups with geographic distribution
  • Point-in-Time Recovery: Ability to restore data to specific timestamps
  • Disaster Recovery: Comprehensive DR plan with defined RTOs and RPOs
  • Data Integrity: Regular backup verification and integrity testing

🏆 Compliance & Certifications

Current Compliance

✅ Implemented Standards

  • OWASP Security Guidelines compliance
  • PCI DSS compliance through Stripe integration
  • Industry-standard encryption practices
  • Secure software development lifecycle

Planned Certifications

🎯 Security Roadmap

  • SOC 2 Type II: Comprehensive security and availability audit (Target: 2025)
  • GDPR Readiness: EU data protection compliance for international expansion
  • ISO 27001: Information security management system certification
  • CCPA Compliance: California privacy law compliance

Regulatory Compliance

  • U.S. Federal: Compliance with applicable U.S. federal regulations
  • Florida State Law: Adherence to Florida privacy and security requirements
  • Industry Standards: Following best practices for SaaS and AI services
  • Third-Party Audits: Regular security assessments by independent firms

🔧 Security Development Practices

Secure Development Lifecycle

  • Security by Design: Security considerations integrated from project inception
  • Code Reviews: Mandatory peer review for all code changes
  • Static Analysis: Automated security vulnerability scanning
  • Dependency Scanning: Third-party library vulnerability monitoring
  • Security Testing: Regular penetration testing and security assessments

Version Control & Deployment

Secure Deployment Pipeline

  • Git-based version control with signed commits
  • Staging environment testing before production
  • Automated security checks in CI/CD pipeline
  • Rollback capabilities for security incidents

Team Security Training

  • Security Awareness: Regular security training for all team members
  • Incident Response: Team training on security incident procedures
  • Privacy by Design: Privacy-first development methodologies
  • AI Ethics: Responsible AI development and deployment practices

📞 Security Contact & Reporting

Security Team Contact

Company: Covalent Inc.

Security Contact: Thomas Jackson

Email: info@gocovalent.com

Subject Line: [SECURITY] - Your security concern

Vulnerability Reporting

Responsible Disclosure: If you discover a security vulnerability, please contact us immediately at info@gocovalent.com. We appreciate responsible disclosure and will work with you to address any legitimate security concerns.

Response Times

  • Critical Security Issues: Within 24 hours
  • High Priority Issues: Within 48 hours
  • General Security Inquiries: Within 5-7 business days
  • Vulnerability Reports: Acknowledgment within 24 hours

What to Include in Security Reports

  • Detailed description of the security concern
  • Steps to reproduce (if applicable)
  • Potential impact assessment
  • Your contact information for follow-up
  • Any relevant screenshots or logs

Security Commitment: Peak is committed to maintaining the highest security standards. We continuously improve our security posture and welcome community feedback to help us protect our users.

Peak - Voice-First Project Management with F.R.I.D.A.Y. AI