Security
Last updated: June 12, 2026
- All traffic is encrypted in transit (TLS); data is encrypted at rest by our database provider (Neon).
- Passwords are hashed (scrypt via Better Auth); email verification is required on signup.
- All third-party API keys (research, drafting, publishing, email) are server-side environment secrets — never shipped to the browser, never committed to source control.
- Publishing requires explicit, per-post approval. Background jobs are authenticated with a secret and fail closed.
- Payment card data is handled entirely by Polar; it never touches our systems.
No certifications are claimed at this stage. Report vulnerabilities to support@1labs.ai — we respond within 72 hours.