Security

Last updated: June 12, 2026

  • All traffic is encrypted in transit (TLS); data is encrypted at rest by our database provider (Neon).
  • Passwords are hashed (scrypt via Better Auth); email verification is required on signup.
  • All third-party API keys (research, drafting, publishing, email) are server-side environment secrets — never shipped to the browser, never committed to source control.
  • Publishing requires explicit, per-post approval. Background jobs are authenticated with a secret and fail closed.
  • Payment card data is handled entirely by Polar; it never touches our systems.

No certifications are claimed at this stage. Report vulnerabilities to support@1labs.ai — we respond within 72 hours.

Built withProductOS