Security

Last Updated: January 2025

Security at ThoughtTap

Security is a core principle at ThoughtTap. We are committed to protecting your data and ensuring the integrity of our service. Here's how we approach security:

1. Privacy-First Architecture

ThoughtTap is designed with privacy and security as foundational principles. Your prompts and code are processed locally on your device whenever possible, never stored on our servers.

Local Processing

  • All rule-based optimizations happen locally on your device
  • Your custom prompts and code never leave your machine
  • No server-side storage of sensitive information

2. Encryption and Data Protection

  • In Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption
  • At Rest: Sensitive data is encrypted using industry-standard algorithms
  • API Keys: Your AI provider API keys are stored locally on your device and encrypted
  • Payment Data: All payment information is processed through Stripe and never stored on our servers

3. Safe Mode Feature

ThoughtTap includes a Safe Mode feature that prevents certain operations that might compromise security:

  • Prevents sending custom code to external services
  • Restricts API calls to verified providers only
  • Disables risky optimization patterns by default
  • Provides warnings before executing potentially dangerous operations

4. Token Budget Management

Our built-in token budget management prevents unexpected costs and potential abuse:

  • Set daily, weekly, or monthly token limits
  • Real-time tracking of API usage and costs
  • Automatic stopping when budget limits are reached
  • Detailed usage reports and analytics

5. Regular Security Audits

We conduct regular security assessments and vulnerability testing to ensure the highest standards:

  • Regular code reviews and security audits
  • Dependency vulnerability scanning
  • Penetration testing by third-party security experts
  • Continuous monitoring for threats and anomalies

6. Incident Response

We have a comprehensive incident response plan to quickly address any potential security issues:

  • 24/7 security monitoring and threat detection
  • Rapid response team for security incidents
  • Transparent communication with users about any issues
  • Regular security updates and patches

7. Report a Security Vulnerability

If you discover a security vulnerability, please report it responsibly to us:

  • Email: security@thoughttap.com
  • Subject: Security Vulnerability Report

Please do not publicly disclose the vulnerability until we have had time to investigate and issue a fix.

Security Commitments

  • ✅ Your code and prompts stay on your device
  • ✅ All data in transit is encrypted (TLS 1.2+)
  • ✅ Safe Mode prevents risky operations
  • ✅ Token budget management for cost control
  • ✅ Regular security audits and updates
  • ✅ 24/7 monitoring and threat detection