> ## Documentation Index
> Fetch the complete documentation index at: https://support.myapps.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Privacy

> How Machine protects your data and information

# Security & Privacy

Machine is built with a security-first approach, ensuring your data, conversations, and activities remain protected at all times.

## Data Protection

### Encryption

<CardGroup cols={2}>
  <Card title="Data in Transit" icon="lock">
    All communication between your devices and Machine uses TLS 1.3 encryption, ensuring that your data is secure as it travels across the internet.
  </Card>

  <Card title="Data at Rest" icon="database-lock">
    Your stored data is encrypted using AES-256, protecting it from unauthorized access even in the unlikely event of a breach.
  </Card>

  <Card title="End-to-End Encryption" icon="key">
    Sensitive operations and files can be end-to-end encrypted, meaning only you can access the unencrypted data.
  </Card>

  <Card title="Key Management" icon="key-skeleton">
    We use industry-standard key management services to securely store and rotate encryption keys.
  </Card>
</CardGroup>

### Access Controls

* **Role-Based Access**: Only authorized personnel have access to systems containing user data
* **Least Privilege Principle**: Personnel are granted only the minimum permissions necessary
* **Multi-Factor Authentication**: Required for all internal systems
* **Access Logging**: All access to user data is logged and audited

## Privacy Guarantees

### Data Usage

Machine only uses your data for the following purposes:

1. **Providing our services**: Processing your requests and performing tasks you explicitly ask for
2. **Improving our services**: Learning from interactions to improve response quality
3. **Security and fraud prevention**: Detecting and preventing fraudulent activity and security threats

### Data Sharing

We do not sell or rent your personal information. We only share your information in the following limited circumstances:

* With your explicit consent
* To comply with legal obligations
* With service providers who help us deliver our services (under strict confidentiality agreements)

### Data Retention

* **Active Conversations**: Retained to provide context for ongoing interactions
* **Completed Tasks**: Retained for 30 days by default, or based on your configured retention policy
* **Account Information**: Maintained as long as you have an active account
* **Data Deletion**: You can request deletion of your data at any time through your account settings

## Security Measures

### Infrastructure Security

* **Cloud Security**: We leverage enterprise-grade cloud infrastructure with built-in security features
* **Network Isolation**: Critical systems are isolated from public networks
* **DDoS Protection**: Advanced systems to prevent denial-of-service attacks
* **Vulnerability Management**: Regular scanning and timely patching of vulnerabilities

### Application Security

* **Secure Development**: We follow secure coding practices throughout our development lifecycle
* **Regular Audits**: Our codebase undergoes regular security audits and penetration testing
* **Dependency Scanning**: We scan for and update vulnerable dependencies
* **Bug Bounty Program**: We work with security researchers to identify and fix security issues

### Operational Security

* **Security Monitoring**: 24/7 monitoring for suspicious activities
* **Incident Response**: Defined procedures to quickly address security incidents
* **Regular Drills**: Our team conducts regular security incident response drills
* **Vendor Assessment**: All third-party vendors undergo security assessment

## Compliance

Machine is designed to help you maintain compliance with various regulations and standards:

* **GDPR**: Compliant with the European Union's General Data Protection Regulation
* **CCPA**: Compliant with the California Consumer Privacy Act
* **SOC 2**: We maintain SOC 2 Type II certification
* **HIPAA**: Available on Enterprise plans for customers who require HIPAA compliance

## Reporting Security Issues

If you discover a security vulnerability, please report it to [rcohen@mytsi.org](mailto:rcohen@mytsi.org). We appreciate your help in keeping Machine secure and will respond promptly to your report.

## Privacy Controls

Machine gives you control over your privacy:

<AccordionGroup>
  <Accordion title="Privacy Settings">
    Access your privacy settings by clicking on your profile > Settings > Privacy. From there, you can:

    * Adjust data retention periods
    * Enable/disable usage tracking
    * Manage conversation history
    * Control data sharing preferences
  </Accordion>

  <Accordion title="Data Export">
    You can export all your data at any time:

    1. Go to Settings > Privacy > Export Data
    2. Select what data you want to export
    3. Choose your preferred format (JSON, CSV, HTML)
    4. Submit your request

    You'll receive a download link when your export is ready.
  </Accordion>

  <Accordion title="Data Deletion">
    To delete your data:

    1. Go to Settings > Privacy > Delete Data
    2. Select what data you want to delete
    3. Confirm your decision

    Please note that deletion is permanent and cannot be undone.
  </Accordion>
</AccordionGroup>

<Info>
  For more detailed information about our privacy practices, please refer to our [Privacy Policy](https://machine.myapps.ai/privacy).
</Info>
