Security & Data Protection
Last Updated: May 2026
Our Security Commitment
F.I.T. Love AI takes the security and privacy of your relationship data seriously. We implement industry-standard security practices to protect your information from unauthorized access, disclosure, alteration, and destruction.
Data Encryption
In Transit (HTTPS/TLS):
- All data transmitted between your device and our servers is encrypted using HTTPS (TLS 1.2 or higher)
- This encryption protects your data from being intercepted during transmission over the internet
- Website and app connections use industry-standard SSL certificates issued by trusted certificate authorities
At Rest (Database Encryption):
- Data stored in Google Firebase is encrypted at rest using Google's encryption standards
- Assessment results, personal information, and relationship data are protected from unauthorized access
- Encryption keys are managed securely by Google's infrastructure
Authentication & Access Control
User Authentication:
- Password Security: Passwords are never stored in plain text; they are hashed using Firebase Authentication standards
- Multi-Method Login: Users can log in via email/password or federated authentication (Google, Facebook)
- Session Management: Session tokens expire after a period of inactivity for security
- Two-Factor Authentication: Available for users who want additional account security
Access Controls:
- Only authenticated users can access their own account and data
- Partners can only see data you explicitly share with them
- F.I.T. Love AI staff cannot access user data without explicit authorization
- Role-based access control limits internal system access to authorized personnel only
Infrastructure Security
- Cloud Infrastructure: Hosted on Google Firebase, which maintains SOC 2 Type II compliance and enterprise-grade security
- Firewalls: Network-level protections prevent unauthorized access attempts
- DDoS Protection: Google's infrastructure includes protection against distributed denial-of-service attacks
- Regular Security Updates: Infrastructure is regularly patched and updated to address vulnerabilities
Security Testing & Audits
Automated Security Scanning:
- We conduct regular automated security scans to identify vulnerabilities
- AI-powered security tools scan code and infrastructure for potential issues
- Scanning frequency: On a regular basis, with ongoing monitoring
Penetration Testing:
- We perform penetration testing to identify and address security weaknesses
- Third-party security professionals may conduct assessments
- Testing includes application security, infrastructure security, and access controls
- Frequency: As part of our ongoing security practices
Data Protection Practices
Principle of Least Privilege:
We limit data collection and access to only what is necessary for providing the service. We do not collect unnecessary personal information.
Data Minimization:
We only collect data that is relevant and necessary. For example, the AI does not receive your name or email—only your F.I.T. scores and relationship context.
Secure Deletion:
When you delete your account, data is securely removed from our systems and cannot be recovered. Backup systems retain data for 90 days for disaster recovery purposes only.
Incident Response
Data Breach Response:
- In the event of a security incident, we have procedures to respond quickly
- We notify affected users as required by applicable privacy laws
- Incident investigation includes root cause analysis and remediation
- We work with law enforcement if necessary
Incident Reporting:
If you suspect a security issue, please contact us immediately at fitloveadvisor@gmail.com with details.
Employee & Vendor Security
- Access Controls: Only authorized employees have access to sensitive systems and data
- Background Checks: Team members involved with data handling undergo appropriate screening
- Training: Staff responsible for data handling receive security and privacy training
- Confidentiality Agreements: All team members sign confidentiality agreements
- Vendor Security: Third-party vendors (Google Firebase, Anthropic) are subject to security and privacy requirements
Compliance & Standards
- GDPR: We comply with General Data Protection Regulation requirements for EU users
- CCPA: We comply with California Consumer Privacy Act requirements
- SOC 2: Our cloud infrastructure provider (Google Firebase) maintains SOC 2 Type II compliance
- Industry Standards: We follow industry best practices for data protection and cybersecurity
Third-Party Service Security
F.I.T. Love AI uses trusted third-party services that maintain their own security standards:
- Google Firebase: Enterprise-grade cloud infrastructure with built-in security, compliance with SOC 2, GDPR, CCPA
- Anthropic Claude AI: Enterprise privacy and security standards for AI services
- Google & Facebook Authentication: Industry-standard federated authentication providers
Security Best Practices for Users
Protect Your Account:
- Strong Password: Use a unique, complex password for your F.I.T. Love AI account
- Password Manager: Consider using a password manager to securely store passwords
- Don't Share Login: Never share your login credentials with anyone
- Two-Factor Authentication: Enable 2FA if available for additional security
- Secure Device: Use updated devices with security software and firewalls
Protect Your Data:
- Secure Connection: Always access F.I.T. Love AI over a secure, trusted internet connection
- Public WiFi: Avoid using public WiFi for sensitive relationship data entry
- Logout: Always log out when finished, especially on shared devices
- Session Timeout: Be aware that inactive sessions may time out for security
Limitations & No Guarantee
While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute protection against all security threats. Users are responsible for protecting their login credentials and understanding the inherent risks of online communication.
Questions About Security?
If you have questions about our security practices or have identified a potential vulnerability, please contact us:
Email: fitloveadvisor@gmail.com
Subject: "Security Question" or "Security Vulnerability Report"
We take all security concerns seriously and will respond promptly.