
Security Manifesto

How Saturn's Shadow protects your most intimate data

Last updated: March 4, 2026

Saturn's Shadow is a mental wellness platform that handles deeply personal data — dream journals, psychological profiles, and therapy sessions. We treat this responsibility with the gravity it deserves.

1. Authentication & Identity

All authentication is delegated to Clerk, a SOC 2 Type II certified identity provider. We support OAuth 2.0/OIDC via Google and Apple, plus email-based magic links. Passwords are hashed with bcrypt (cost factor 12+). Multi-factor authentication is available for all accounts. Sessions are managed via secure, HttpOnly, SameSite=Strict cookies with rolling expiration.

2. Data Encryption

All data in transit is encrypted via TLS 1.3. Database connections use TLS with certificate verification. Sensitive fields (dream content, chat transcripts) are encrypted at rest using AES-256-GCM. Encryption keys are rotated quarterly and stored in environment-isolated vaults, never in source code.

3. Payment Security

Payment processing is handled by WayForPay, a PCI DSS Level 1 certified gateway. We never store, process, or transmit raw card data on our servers. All payment mutations use Serializable transaction isolation to prevent race conditions and double-charging. Webhook signatures are verified using HMAC-MD5 with merchant secret keys.

4. Video Session Privacy

Live therapy sessions use LiveKit's WebRTC infrastructure with DTLS-SRTP encryption. Video and audio streams are peer-to-peer when possible, with SFU fallback. Sessions are never recorded or stored. Room tokens are scoped per-user, per-session, and expire after the scheduled duration.

5. AI & Prompt Security

All AI interactions are sandboxed with strict system prompts. User input is sanitized against prompt injection attacks. The AI operates under a strict persona boundary — it cannot access other users' data, execute code, or make external API calls. Dream analysis and chat data are processed in isolated contexts with no cross-contamination between users.

6. Database & Infrastructure

We run on PostgreSQL with row-level security policies. All queries are parameterized via Prisma ORM — zero raw SQL. Database access is restricted to application-level service accounts with least-privilege permissions. Migrations are versioned and reviewed. Backups are encrypted and stored in geographically separate regions.

7. GDPR & Right to Erasure

Users can request complete data deletion at any time. Account deletion cascades across all tables — chat history, dream journals, psychological profiles, payment records, and session data are permanently purged. We implement the Right to be Forgotten as a hard delete, not a soft flag.

8. Accessibility (WCAG 2.1)

Saturn's Shadow is built to WCAG 2.1 AA standards. All interactive elements are keyboard-navigable. Screen reader support is implemented via semantic HTML and ARIA attributes. Color contrast ratios meet or exceed 4.5:1 for normal text. Focus indicators are visible and consistent. Animations can be disabled via prefers-reduced-motion.

9. Rate Limiting & Abuse Prevention

All API endpoints are rate-limited using Upstash Redis with sliding window counters. Authentication endpoints have stricter limits to prevent brute-force attacks. AI endpoints are rate-limited per user and per plan tier. Webhook endpoints validate payload signatures before processing.
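A sliding-window limiter with per-endpoint-class and per-tier policies, as an added example in Node.js that is neither the platform's code nor the @upstash/ratelimit library: it is modelled on the weighted-previous-window approximation that Upstash's sliding window algorithm is built on, with an in-memory Map standing in for Redis and an injectable clock so the window boundary can be exercised. The limits, the endpoint classes and the plan tiers are assumptions.

```javascript
// Added example, not the platform's code or @upstash/ratelimit. Policies are
// assumed; Redis is replaced by a Map so the block runs offline.

// Stricter limit on auth (brute-force defence), per-tier limits on AI calls.
const POLICIES = {
  auth: { limit: 5, windowMs: 60_000 },
  api: { limit: 100, windowMs: 60_000 },
  ai: {
    free: { limit: 20, windowMs: 60_000 },
    pro: { limit: 200, windowMs: 60_000 },
  },
};

function policyFor(endpointClass, tier) {
  const p = POLICIES[endpointClass];
  if (!p) throw new Error(`no rate-limit policy for ${endpointClass}`);
  return endpointClass === 'ai' ? (p[tier] ?? p.free) : p;
}

// Sliding window approximation: count = current window hits + previous window
// hits weighted by how much of the previous window still overlaps the last
// windowMs. Two counters per key instead of a per-request timestamp log.
function createRateLimiter(now = () => Date.now()) {
  const buckets = new Map(); // key -> { win, cur, prev }

  return function check(endpointClass, identity, tier = 'free') {
    const { limit, windowMs } = policyFor(endpointClass, tier);
    const key = `${endpointClass}:${identity}`;
    const t = now();
    const win = Math.floor(t / windowMs);
    const b = buckets.get(key) ?? { win, cur: 0, prev: 0 };

    if (b.win !== win) {
      // Only an immediately preceding window still overlaps; older ones expire.
      b.prev = win - b.win === 1 ? b.cur : 0;
      b.cur = 0;
      b.win = win;
    }

    const overlap = 1 - (t - win * windowMs) / windowMs; // fraction of prev window still inside
    const estimate = b.prev * overlap + b.cur;
    const allowed = estimate < limit;
    if (allowed) b.cur += 1;
    buckets.set(key, b);

    return {
      allowed,
      remaining: Math.max(0, Math.floor(limit - estimate - (allowed ? 1 : 0))),
    };
  };
}

// Constructed scenario with a fixed clock: five login attempts fill the auth
// budget, the sixth is refused, and halfway into the next window the earlier
// hits still count at half weight.
function demo() {
  let t = 0;
  const check = createRateLimiter(() => t);
  const burst = Array.from({ length: 6 }, () => check('auth', '203.0.113.7').allowed);
  t = 90_000;
  const later = Array.from({ length: 4 }, () => check('auth', '203.0.113.7').allowed);
  return { burst, later };
}
```

The weighted approximation is what makes this cheap in Redis (two counters, no sorted set), and it is also why a client that bursts at the very end of one window does not get a second full budget a millisecond into the next. Note that a limiter keyed only on client IP is easy to evade with many sources; the per-user and per-tier keys on AI endpoints are what carry the real cost control.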

10. Incident Response

We maintain a documented incident response plan. Security vulnerabilities can be reported to our security team. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours.

security@archetype.in.ua

Questions about our security?

We're transparent about our practices. Reach out anytime.
