Security

Quiet on the outside. Locked down on the inside.

We can't promise your screen-share won't get sniped — that's literally the product's job — but we can promise the systems behind it are boringly secure.

In transit

Every request between your device and our servers uses TLS 1.3. There is no plain HTTP in production.

At rest

Database storage is AES-256 encrypted. Backups are encrypted with separate keys.

Payments

We never see your card. Stripe handles the entire payment flow, certified PCI-DSS Level 1.

Authentication

Sessions are signed JWTs over secure cookies. Passwords are hashed with bcrypt and salted.

AI prompts

Questions and answers are not stored unless you explicitly enable history. Prompts are sent to providers under their data-processing agreements.

Data location

Primary infrastructure runs in the EU/UK. Backups are geo-redundant.

Reporting a vulnerability

If you've found something we should know about, please email security@magicinkai.com and give us a reasonable window to respond before public disclosure. We read every report and reply within 24 hours on weekdays.

We don't currently offer a paid bounty, but we will publicly thank you and credit you on this page.

Want the longer version?

Our privacy policy covers what we collect, why, and how to delete it.

Read the privacy policy →