AI Product Opportunity
โ€ฆ
Trust

Security at AI Product Opportunity

You trust us with your account, your research trail and your submitted ideas. Here is exactly how we protect them โ€” no vague claims, only what the system actually does.

Session security

Sign-in uses an httpOnly session cookie โ€” invisible to page scripts, so a script injection can't read your session. Passwords are stored only as salted hashes, never in plain text.

Server-side gating

Plan entitlements are enforced in the API, not the browser. Premium analysis never leaves the server for an account that hasn't unlocked it โ€” there is nothing to un-hide client-side.

PCI-scoped payments

Card, UPI and bank details go directly to Razorpay's PCI-DSS compliant checkout. Our servers never see or store payment credentials โ€” we hold only payment references and invoice metadata.

Encryption

All traffic is encrypted in transit with TLS, and data is encrypted at rest by the underlying AWS storage layer.

Hardened infrastructure

The service runs in isolated containers on AWS with least-privilege credentials, secrets kept in a managed secrets store, and production access restricted to the operating team.

Abuse protection

Rate limits and per-plan daily view allowances blunt scraping and credential-stuffing attempts, and anonymous API access is gated by an internal service key.

Responsible disclosure

Found a vulnerability? We want to hear about it before anyone else does. Email security@aiproductopportunity.com with steps to reproduce. We acknowledge reports within 72 hours, keep you informed while we fix the issue, and credit researchers who report in good faith. Please don't access other users' data or degrade the service while testing.

Related reading: Privacy policy ยท Terms of service