Back to Legal

Security

In Effect as of May 29, 2026

Welcome to the Security Architecture overview for XiteAI Technologies. We engineer our platform with a defense-in-depth methodology, ensuring that your queries, sensitive documents, and personal identity remain cryptographically shielded off-grid.

This overview outlines the extensive safeguards embedded within the core infrastructure of our platform (chat.xiteai.com).

A. Cryptographic Transmission & Storage

Data exposure vectors are neutralized through strict multi-tier encryption protocols.

1. Data in Transit

Every byte of data traversing between your chosen device and our routing nodes is encrypted via TLS 1.3. Whether you are generating a Cheat Sheet on iOS or using the native Web App framework over desktop, your session is shielded against packet interception and man-in-the-middle (MITM) intrusion.

2. Data at Rest

Persistent state data, including your historical chat transcripts and uploaded contextual files (PDFs, DOCXs), are encrypted at rest using AES-256 standard cryptographic logic. Our database clusters are housed in ISO/IEC 27001 certified physical data centers with strict biometric controls.

B. Infrastructure & Routing Integrity

XiteAI handles dynamic model routing seamlessly. To protect platform health against malicious spikes and structural abuse, we have deployed multiple layers of resilience:

  • Granular Rate Limiting: Intelligent traffic shapers and in-memory caches monitor per-user request loads. This shields the wider network from Distributed Denial of Service (DDoS) assaults and recursive token-flooding attempts.
  • Continuous Vulnerability Analysis: We routinely deploy automated regression tests, static application security testing (SAST), and runtime audits against our core codebases to preemptively eliminate OWASP Top 10 vulnerabilities.
  • Stateless Upstream Proxies: When your prompts are routed to external foundation models (e.g., via OpenRouter or direct APIs), the connection is brokered asynchronously. We strip local endpoint metadata to ensure that underlying inference engines only receive the raw text needed to construct a response.

C. Account Protection & Isolation

Your XiteAI profile serves as your personal command center. We deploy robust enterprise-level safeguards at the identity layer.

  • Multi-Tenant Architecture: The backend is meticulously siloed. Database queries require strict cryptographic user identification. A catastrophic failure in one virtual container cannot laterally breach another user's isolated chat history.
  • Secure Authentication: Password hashing is performed using proven cryptographic functions designed to thwart rainbow table cracking. Furthermore, robust SSO alternatives (such as Google OAuth) abstract critical password storage entirely out of our ecosystem.
  • Session Lifecycle Management: Inactive auth tokens automatically expire, requiring re-authentication to prevent persistent unauthorized access on dormant devices.

D. Incident Response & Bug Bounty Framework

No operational perimeter is truly unbreachable. At XiteAI, our Security Operations Center (SOC) operates on a paradigm of rapid triage and response.

In the highly unlikely event of a verified data anomaly or cluster breach, XiteAI is committed to informing affected users and relevant jurisdictional data authorities within the legally mandated reporting windows.

Responsible Disclosure

We actively encourage security researchers to safely scrutinize our perimeter. If you are a white-hat analyst and have discovered an exploitable vector, please refrain from executing public disclosures prior to contacting our SOC. We maintain strict non-retaliation policies for good-faith vulnerability reports.

To report a security vulnerability: