Security at AI Product Opportunity
You trust us with your account, your research trail and your submitted ideas. Here is exactly how we protect them โ no vague claims, only what the system actually does.
Session security
Sign-in uses an httpOnly session cookie โ invisible to page scripts, so a script injection can't read your session. Passwords are stored only as salted hashes, never in plain text.
Server-side gating
Plan entitlements are enforced in the API, not the browser. Premium analysis never leaves the server for an account that hasn't unlocked it โ there is nothing to un-hide client-side.
PCI-scoped payments
Card, UPI and bank details go directly to Razorpay's PCI-DSS compliant checkout. Our servers never see or store payment credentials โ we hold only payment references and invoice metadata.
Encryption
All traffic is encrypted in transit with TLS, and data is encrypted at rest by the underlying AWS storage layer.
Hardened infrastructure
The service runs in isolated containers on AWS with least-privilege credentials, secrets kept in a managed secrets store, and production access restricted to the operating team.
Abuse protection
Rate limits and per-plan daily view allowances blunt scraping and credential-stuffing attempts, and anonymous API access is gated by an internal service key.
Responsible disclosure
Found a vulnerability? We want to hear about it before anyone else does. Email security@aiproductopportunity.com with steps to reproduce. We acknowledge reports within 72 hours, keep you informed while we fix the issue, and credit researchers who report in good faith. Please don't access other users' data or degrade the service while testing.
Related reading: Privacy policy ยท Terms of service