[{"data":1,"prerenderedAt":353},["ShallowReactive",2],{"docs-/docs/security":3},{"id":4,"title":5,"body":6,"description":345,"extension":346,"meta":347,"navigation":348,"path":349,"seo":350,"stem":351,"__hash__":352},"content/docs/security.md","Security",{"type":7,"value":8,"toc":311},"minimark",[9,13,18,23,46,50,61,65,69,80,84,95,99,103,114,118,129,133,137,140,161,168,172,183,187,191,194,205,209,220,224,235,239,243,254,258,269,273,281,285,289,297,300],[10,11,12],"p",{},"Security is fundamental to how Grounded operates. This page covers our security practices and controls.",[14,15,17],"h2",{"id":16},"data-protection","Data Protection",[19,20,22],"h3",{"id":21},"encryption","Encryption",[24,25,26,34,40],"ul",{},[27,28,29,33],"li",{},[30,31,32],"strong",{},"In transit",": All data encrypted with TLS 1.3",[27,35,36,39],{},[30,37,38],{},"At rest",": Database encrypted with AES-256",[27,41,42,45],{},[30,43,44],{},"API keys",": Hashed and never stored in plain text",[19,47,49],{"id":48},"data-isolation","Data Isolation",[24,51,52,55,58],{},[27,53,54],{},"Each customer's data is logically isolated",[27,56,57],{},"Row-level security in the database",[27,59,60],{},"No cross-customer data access possible",[14,62,64],{"id":63},"infrastructure","Infrastructure",[19,66,68],{"id":67},"hosting","Hosting",[24,70,71,74,77],{},[27,72,73],{},"Hosted on Vercel (frontend) and Supabase (backend)",[27,75,76],{},"SOC 2 Type II compliant infrastructure",[27,78,79],{},"Regular security audits",[19,81,83],{"id":82},"availability","Availability",[24,85,86,89,92],{},[27,87,88],{},"99.9% uptime SLA",[27,90,91],{},"Automatic failover",[27,93,94],{},"Global CDN distribution",[14,96,98],{"id":97},"access-control","Access Control",[19,100,102],{"id":101},"authentication","Authentication",[24,104,105,108,111],{},[27,106,107],{},"Secure authentication via Supabase Auth",[27,109,110],{},"Support for email/password and OAuth",[27,112,113],{},"Session tokens with secure expiration",[19,115,117],{"id":116},"api-security","API Security",[24,119,120,123,126],{},[27,121,122],{},"Unique API keys per chatbot",[27,124,125],{},"Keys can be rotated anytime",[27,127,128],{},"Rate limiting prevents abuse",[14,130,132],{"id":131},"widget-security","Widget Security",[19,134,136],{"id":135},"domain-restrictions","Domain Restrictions",[10,138,139],{},"Limit where your widget can be embedded:",[141,142,143,152,158],"ol",{},[27,144,145,146,149,150],{},"Go to ",[30,147,148],{},"Settings"," > ",[30,151,5],{},[27,153,154,155],{},"Add domains under ",[30,156,157],{},"Allowed Domains",[27,159,160],{},"Only listed domains can use your API key",[162,163,165],"docs-callout",{"type":164},"tip",[10,166,167],{},"Add both your production domain and any staging/development domains you use.",[19,169,171],{"id":170},"content-security","Content Security",[24,173,174,177,180],{},[27,175,176],{},"Widget loaded via HTTPS only",[27,178,179],{},"No third-party tracking scripts",[27,181,182],{},"Minimal data collection",[14,184,186],{"id":185},"ai-safety","AI Safety",[19,188,190],{"id":189},"prompt-injection-protection","Prompt Injection Protection",[10,192,193],{},"All user inputs are sanitized to prevent:",[24,195,196,199,202],{},[27,197,198],{},"System prompt manipulation",[27,200,201],{},"Role confusion attacks",[27,203,204],{},"Data extraction attempts",[19,206,208],{"id":207},"response-safety","Response Safety",[24,210,211,214,217],{},[27,212,213],{},"AI cannot access external systems",[27,215,216],{},"Responses limited to knowledge base content",[27,218,219],{},"No execution of user-provided code",[19,221,223],{"id":222},"hallucination-prevention","Hallucination Prevention",[24,225,226,229,232],{},[27,227,228],{},"Low confidence triggers refusal",[27,230,231],{},"All claims must have source citations",[27,233,234],{},"Semantic verification of responses",[14,236,238],{"id":237},"compliance","Compliance",[19,240,242],{"id":241},"data-residency","Data Residency",[24,244,245,248,251],{},[27,246,247],{},"Primary data storage in US",[27,249,250],{},"EU data residency available on request",[27,252,253],{},"Contact us for specific requirements",[19,255,257],{"id":256},"privacy","Privacy",[24,259,260,263,266],{},[27,261,262],{},"GDPR compliant",[27,264,265],{},"No sale of customer data",[27,267,268],{},"Data deletion available on request",[19,270,272],{"id":271},"certifications","Certifications",[24,274,275,278],{},[27,276,277],{},"SOC 2 Type II (via infrastructure providers)",[27,279,280],{},"Additional certifications available for enterprise",[14,282,284],{"id":283},"reporting-issues","Reporting Issues",[19,286,288],{"id":287},"security-vulnerabilities","Security Vulnerabilities",[10,290,291,292],{},"Report security issues to: ",[293,294,296],"a",{"href":295},"mailto:security@grounded.sh","security@grounded.sh",[10,298,299],{},"We commit to:",[24,301,302,305,308],{},[27,303,304],{},"Acknowledging reports within 24 hours",[27,306,307],{},"Providing updates within 72 hours",[27,309,310],{},"Not pursuing legal action for good-faith reports",{"title":312,"searchDepth":313,"depth":313,"links":314},"",2,[315,320,324,328,332,337,342],{"id":16,"depth":313,"text":17,"children":316},[317,319],{"id":21,"depth":318,"text":22},3,{"id":48,"depth":318,"text":49},{"id":63,"depth":313,"text":64,"children":321},[322,323],{"id":67,"depth":318,"text":68},{"id":82,"depth":318,"text":83},{"id":97,"depth":313,"text":98,"children":325},[326,327],{"id":101,"depth":318,"text":102},{"id":116,"depth":318,"text":117},{"id":131,"depth":313,"text":132,"children":329},[330,331],{"id":135,"depth":318,"text":136},{"id":170,"depth":318,"text":171},{"id":185,"depth":313,"text":186,"children":333},[334,335,336],{"id":189,"depth":318,"text":190},{"id":207,"depth":318,"text":208},{"id":222,"depth":318,"text":223},{"id":237,"depth":313,"text":238,"children":338},[339,340,341],{"id":241,"depth":318,"text":242},{"id":256,"depth":318,"text":257},{"id":271,"depth":318,"text":272},{"id":283,"depth":313,"text":284,"children":343},[344],{"id":287,"depth":318,"text":288},"How Grounded keeps your data safe.","md",{},true,"/docs/security",{"title":5,"description":345},"docs/security","JujkVMDYTS7lOCQq3WqLJS1Eb05uO0pvGJcRF-qMYCs",1778619020986]