Security at Geo Attribution

Trust and security are the foundation of our platform. Learn how we protect your data and ensure secure LLM citation tracking.

Data Security

All data in transit is encrypted via TLS. Database replicas are encrypted at rest in cloud storage. We use a multi-layered approach to ensure your citation tracking data remains secure.

Database replication: The database is replicated continuously to Tigris S3-compatible storage; Tigris provides server-side encryption at rest.

Data in transit is protected by HTTPS encryption enforced across our entire infrastructure. All API communications, web traffic, and third-party integrations use TLS 1.2+ encryption.

Authentication

We implement custom JWT-based authentication with industry-standard security practices including password hashing.

  • JWT tokens: Short-lived access tokens (15 minutes) paired with secure refresh tokens (7 days) with automatic rotation
  • Password hashing: All passwords are hashed using bcrypt with appropriate salt rounds before storage

Authorization

Access control is implemented through middleware-based route protection with selective authentication requirements.

Public marketing pages remain accessible without authentication, while all application functionality requires valid authentication. This ensures your private data is protected while keeping our content discoverable.

Our authorization system follows the principle of least privilege — users can only access data and functionality appropriate to their account level.

Infrastructure

Our platform runs on Fly.io's secure cloud infrastructure with deployment in the London region for GDPR compliance.

  • Edge deployment: Applications run close to users for optimal performance while maintaining security
  • Replicated storage: SQLite databases are continuously replicated via Litestream to Tigris S3-compatible storage
  • London region: Production hosted in London (Fly.io lhr region). Litestream replication target is Tigris (S3-compatible) — region configurable per deployment

Compliance

We are committed to GDPR compliance and responsible data handling practices for all users, regardless of location.

  • GDPR commitments: Right to access, rectification, erasure, and data portability for all personal data
  • Data residency: Primary data storage and processing occurs in the United Kingdom, which maintains equivalent data protection standards under UK GDPR.
  • Breach disclosure: In the unlikely event of a security incident, we commit to timely notification according to GDPR requirements

Vulnerability Reporting

We welcome responsible disclosure of security vulnerabilities and are committed to working with security researchers to keep our platform secure.

If you discover a potential security vulnerability, please report it to [email protected]. We ask that you avoid publicly disclosing the issue until we have had an opportunity to review and address it.

Please include as much detail as possible in your report, including steps to reproduce the issue and any potential impact. We typically respond to security reports within 48 hours.

Security Features

HTTPS Enforced

All traffic encrypted with TLS 1.2+

Bcrypt Hashing

Industry-standard password protection

Database Replication

Tigris provides server-side encryption

UK Data Residency

London region deployment
