Security and data protection

AIsoule takes security seriously. Here's how your data is protected.

Data encryption

Data              Protection
Access tokens     AES-256 encrypted at rest
API keys          Encrypted at rest
Passwords         bcrypt hashed (never stored in plain text)
Data in transit   TLS 1.3 (HTTPS only)
Database          Encrypted connections

Access controls

  • Role-based access (RBAC) — Granular permissions per user
  • API key scoping — Keys inherit creator's permissions
  • Session management — JWT tokens with short expiry (15 min access, 7 day refresh)
  • CSRF protection — All state-changing requests verified

Authentication security

  • Rate limiting — 5 login attempts per minute
  • SSO support — Google, Microsoft, GitHub (enterprise-grade)
  • Password requirements — Minimum 8 characters
  • Token rotation — Refresh tokens are single-use
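
The session lifetimes under Access controls (15 min access, 7 day refresh) and the single-use refresh tokens listed here can be illustrated with a small rotation store. This is an added example, not AIsoule's code: it uses opaque random tokens instead of JWTs to stay standard-library only, and the class name, the in-memory storage, and the choice to revoke the whole token family when a spent token is replayed are assumptions.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 15 * 60            # 15-minute access token (from the page)
REFRESH_TTL = 7 * 24 * 60 * 60  # 7-day refresh token (from the page)


class RefreshTokenStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}      # sha256(token) -> user, family, expires, used
        self._revoked = set()  # family ids revoked after a replay

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _mint(self, user, family):
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {
            "user": user, "family": family,
            "expires": self._clock() + REFRESH_TTL, "used": False,
        }
        return token

    def login(self, user):
        """Start a new token family after a successful authentication."""
        return self._mint(user, secrets.token_hex(8))

    def rotate(self, token):
        """Exchange a refresh token once; return (new_refresh, access_expiry)."""
        rec = self._tokens.get(self._digest(token))
        if rec is None or rec["family"] in self._revoked:
            raise PermissionError("unknown or revoked refresh token")
        if rec["used"]:
            # Second presentation of a single-use token: revoke the family
            # (assumed policy), so the replayed session must log in again.
            self._revoked.add(rec["family"])
            raise PermissionError("refresh token reuse detected")
        if self._clock() >= rec["expires"]:
            raise PermissionError("refresh token expired")
        rec["used"] = True
        return self._mint(rec["user"], rec["family"]), self._clock() + ACCESS_TTL
```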

Audit trail

Every action is logged:

  • Who did what, when
  • IP address and user agent
  • Changes tracked (before/after)
  • 90-day retention

Infrastructure

  • Hosted on secure cloud infrastructure
  • Regular security updates
  • Automated backups
  • 99.9% uptime SLA

Your responsibilities

  1. Use strong passwords — Don't reuse passwords
  2. Enable SSO — For enterprise teams
  3. Rotate API keys — Every 90 days
  4. Review access — Remove unused users quarterly
  5. Don't share credentials — Each person gets their own account
