Last updated: March 6, 2026
Security matters a lot to us. This page explains how we protect your data, what we do to keep Saroya.ai secure, and how to report a security issue if you find one.
We encrypt everything. Data sitting on our servers is encrypted with AES-256. Data moving between your device and our servers uses TLS 1.3. Encryption keys are managed through hardware security modules, and we rotate them regularly.
AES-256 for all stored data - your training content, account info, AI models, everything.
TLS 1.3 secures data traveling between you and our servers.
Keys handled through hardware security modules with regular rotation.
Each customer's data is cryptographically isolated. Your training data never mixes with anyone else's.
Our servers run in ISO 27001 certified data centers with 24/7 monitoring. We use firewalls, intrusion detection, and DDoS protection. Team members have to use multi-factor authentication, and we follow the principle of least privilege - people only have access to what they actually need for their job.
Daily backups happen automatically, and we have a disaster recovery plan in place. Not that we ever want to use it, but it's there.
You can enable two-factor authentication on your account (we recommend doing this). Session tokens are encrypted and expire automatically. Passwords are hashed using bcrypt, and we'll notify you if we detect any suspicious login activity.
We don't store your full credit card information. Payment processing is handled by Dodo Payments, which is PCI DSS Level 1 certified - that's the highest level of payment security certification. They handle card tokenization, fraud detection, and 3D Secure authentication. Your card details never touch our servers.
Your Digital Mind is trained in a completely isolated environment. There's no cross-contamination between users - your training data is NEVER used to train anyone else's AI. You own your trained model and all your training data. Deployed models use authenticated APIs with rate limiting.
Here's the thing: Your knowledge, your expertise, your voice - it's yours alone. We never use your training data to train Digital Minds for other creators. Each AI is trained in isolation and remains your exclusive property.
We comply with GDPR for EU users and India's DPDPA for domestic users. Payment processing meets PCI DSS standards through certified providers. We run annual security assessments and penetration testing by independent third parties.
If you discover a vulnerability, we'd appreciate hearing about it before you go public. Here's what we commit to:
To report a vulnerability: Email security@saroya.ai with the details. Please give us time to fix it before disclosing publicly.
We have an incident response plan. Here's what happens if there's a security incident:
Data breaches: If personal data is involved, we'll notify affected users as quickly as possible and in compliance with legal requirements, including GDPR's 72-hour rule.
For security stuff or vulnerability reports: security@saroya.ai