Security & Data Protection

Last updated: 6/2/2025

Security First Approach

At Delegate, security isn't an afterthought—it's built into every aspect of our platform. We employ industry-leading security practices to protect your data and ensure your privacy.

Data Encryption

Encryption in Transit

All data transmitted between your browser and Firebase is encrypted using HTTPS/TLS. Communication with OpenAI's API also uses TLS encryption. We don't handle the encryption directly—it's provided by our service providers.

Encryption at Rest

Your data is encrypted when stored in Firebase's Firestore database using Google's default encryption (AES-256). This encryption is automatically handled by Firebase—we don't manage the encryption keys ourselves.

Privacy by Design

  • Local Processing: Python code execution happens in your browser using Pyodide—your data never leaves your device for processing
  • Minimal Data Collection: We only collect data necessary to provide our service
  • No Training Data: Your files and prompts are never used to train AI models
  • Data Retention: User data is automatically deleted according to our retention policies
  • GDPR Compliance: Full compliance with European data protection regulations

Infrastructure Security

Important: While Delegate itself doesn't hold independent security certifications, we inherit robust security protections from our certified service providers.

Google Cloud Platform & Firebase

Our infrastructure runs on Google Cloud Platform and Firebase, which maintain SOC 2 Type II, ISO 27001, HIPAA, and other enterprise security certifications. We inherit these security benefits for our data storage and authentication.

OpenAI Security Standards

Our AI processing uses OpenAI's APIs, which maintain SOC 2 Type II compliance and follow enterprise security standards. Data you send to AI services is subject to those services' data handling and privacy policies.

Network Security

All communications use HTTPS encryption. Firebase provides automatic DDoS protection, and Google's network security infrastructure protects our services.

Our Security Practices

We implement secure coding practices, regular security reviews, error monitoring with Sentry, and follow the principle of least privilege for data access.

Authentication & Access Control

  • Magic Link Authentication: Secure, passwordless login eliminates password-related vulnerabilities
  • Session Management: Secure session tokens with automatic expiration
  • Rate Limiting: Protection against brute force attacks and abuse
  • Input Validation: All user inputs are sanitized and validated
  • CSRF Protection: Cross-site request forgery protection on all forms

Code Execution Security

Sandboxed Environment: All Python code runs in a secure, isolated browser environment using Pyodide.

  • No System Access: Code cannot access your file system, network, or operating system
  • Restricted Imports: Dangerous modules and functions are blocked
  • Execution Timeouts: Code execution is limited to prevent infinite loops
  • Memory Limits: Resource usage is controlled to prevent system overload
  • Content Filtering: Malicious code patterns are detected and blocked

Monitoring & Incident Response

  • 24/7 Monitoring: Continuous monitoring of all systems and services
  • Error Tracking: Comprehensive error logging and alerting with Sentry
  • Security Scanning: Regular vulnerability assessments and penetration testing
  • Incident Response: Documented procedures for security incident handling
  • Audit Logs: Comprehensive logging of all system activities

Compliance & Standards

Transparency Note: The compliance certifications below belong to our service providers (Firebase/Google Cloud and OpenAI). We benefit from their certified infrastructure but don't hold independent certifications ourselves.

GDPR Approach

We follow GDPR principles for data handling. Firebase and OpenAI are both GDPR-compliant, which helps us meet European data protection requirements.

SOC 2 Type II

Google Cloud Platform/Firebase and OpenAI maintain SOC 2 Type II compliance. We inherit these security controls through our use of their services.

ISO 27001

Google Cloud Platform maintains ISO 27001 certification for information security management, which protects data stored in Firebase.

Our Security Reviews

We conduct regular code reviews and security assessments of our application code, even though we rely on certified providers for infrastructure security.

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly by contacting our security team. We take all security reports seriously and will respond promptly to address any issues.

Security Contact: hello@delegatewith.me

Questions & Contact

If you have questions about our security practices or need additional information, please don't hesitate to contact us. We're committed to transparency and will be happy to provide additional details about our security measures.

General Support: hello@delegatewith.me

Privacy Questions: privacy@delegatewith.me

Security Issues: hello@delegatewith.me

This security page is regularly updated to reflect our current practices and any changes to our security posture. For the most up-to-date information, please check back periodically.