Security

Infrastructure

MiniPocketPal runs on AWS with serverless architecture. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Our infrastructure is designed with zero-trust principles and follows AWS security best practices.

Data Isolation

Each customer's data is logically isolated. Your AI's memory, conversations, and preferences are stored separately and cannot be accessed by other users. We use per-customer encryption keys for sensitive data.

Authentication

We support Google OAuth and email/password authentication with secure token management. All authentication tokens are short-lived and securely stored. We implement rate limiting and brute-force protection on all authentication endpoints.

Access Controls

MiniPocketPal implements a hierarchical security model with five levels: owner, owner_trusted, friend, acquaintance, and stranger. You control exactly who can interact with your AI and what information is accessible at each level.

Data Retention

You can export or delete your data at any time. When you delete your account, all associated data including memories, conversations, and preferences are permanently removed within 30 days.

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly to support@minipocketpal.com. We take all reports seriously and will respond within 48 hours.