Security

How we protect your data and how to responsibly report security issues.

Security Measures

  • All data in transit is encrypted using TLS.
  • Infrastructure is hosted in cloud services with built-in security controls.
  • A cloud-based WAF protects the API backend against SQLi and XSS attacks.
  • Role-based access controls restrict internal data access.
  • Login security monitoring (anomalous IP detection, failed login burst detection, OTP verification).
  • Uploaded files and generated results are automatically deleted from active storage after 90 days.
  • Passwords are stored using ASP.NET Core Identity's built-in hashing.

Responsible Disclosure

If you discover a security vulnerability in our platform, please report it responsibly:

Email: security@americanenglishediting.com

  • Provide a detailed description of the vulnerability and steps to reproduce.
  • Do not publicly disclose the vulnerability before we have had an opportunity to fix it.
  • Do not access or modify other users' data.
  • Do not perform denial-of-service attacks.

We commit to acknowledging receipt of your report within 5 business days and will work with you to resolve valid security issues promptly.

An unhandled error has occurred. Reload 🗙