Security

1. Our approach

Security is foundational to how we operate. Prompts can contain personal thoughts, creative work, and sensitive context, so we take our obligation to protect that data seriously. This page describes the measures we take and how to reach us if you discover a problem.

2. Data in transit

All connections to Free Anonymous AI are encrypted using TLS (HTTPS). We do not accept unencrypted HTTP connections for anything involving user content. Connections between our infrastructure and third-party AI providers are also made over encrypted channels.

3. Prompt and session data

We do not permanently store the content of your prompts or AI outputs. Session context (the messages in an active conversation) is held temporarily to support follow-up turns and is not retained after a session ends. We do not build persistent profiles from your prompt content.

Inputs you submit are forwarded to third-party AI model providers to generate a response. Those providers process your inputs under their own security practices and terms. We choose providers with strong security reputations, but we cannot guarantee how they handle data on their end. You should treat anything you submit as potentially seen by a third-party service and avoid sharing sensitive personal or confidential information.

4. Authentication and accounts

The free tier requires no account. For paid plans, account credentials are handled using standard secure practices: passwords are hashed and salted, sessions use secure HTTP-only cookies, and we support modern authentication flows. We never store payment card data. All payment processing is handled by our third-party payment processor under their own PCI DSS compliance.

5. Rate limiting and abuse prevention

We apply rate limiting at the network, application, and per-user level to prevent abuse, protect system availability, and deter automated scraping. IP addresses and usage patterns are monitored for abuse signals. Accounts or IPs found in violation of our Acceptable Use Policy may be blocked without notice.

6. Infrastructure

Our platform is hosted on Vercel with infrastructure in secure, managed data centres. We follow the principle of least privilege in access controls: team members access only what they need to perform their role. Production systems are not accessible from public networks except through defined, authenticated interfaces.

7. Third-party dependencies

We depend on a number of third-party services including AI providers, payment processors, analytics, and hosting. We vet these vendors for their security posture, review updates to their terms and security notices, and aim to minimise the number of parties who touch user data. A breach at a third-party provider is outside our direct control, though we take steps to limit exposure by keeping prompt content separate from any account identity.

8. No security is perfect

We apply reasonable and industry-standard technical and organisational security measures. However, no system is perfectly secure, and we cannot guarantee that the Service will never be compromised. If we become aware of a breach affecting your data, we will notify affected users in line with applicable law.

9. Responsible disclosure

If you discover a security vulnerability in Free Anonymous AI, please report it to us before disclosing it publicly, so we have the opportunity to address it. We take all reports seriously and aim to acknowledge them within 48 hours and resolve confirmed issues promptly.

To report a vulnerability: email support@freeanonymousai.com with the subject line "Security Disclosure" and a clear description of the issue, steps to reproduce it, and your assessment of the impact. Please do not access, modify, or exfiltrate user data beyond what is necessary to demonstrate the issue.

We do not currently operate a formal bug bounty programme, but we are grateful to researchers who report issues responsibly and will acknowledge your contribution.

10. Contact

For security-related questions or concerns: support@freeanonymousai.com. For general questions, visit our Support page.