Security

Your trust is our priority. Learn how we protect your data and creative work.

1. Security Overview

At Vrah, security is fundamental to everything we build. We employ industry-leading practices to protect your data, intellectual property, and creative work. Our platform is designed with multiple layers of security to ensure your projects, designs, and sensitive information remain safe and confidential.

2. Data Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security), the most recent version of the standard protocol for secure web communication. Data at rest is encrypted using AES-256. This ensures that your project files, PRDs, wireframes, and designs are protected both in transit and when stored on our infrastructure.

3. Authentication & Access Control

We implement secure authentication mechanisms, including OAuth 2.0 for third-party logins (Google) and industry-standard password hashing using bcrypt. Session tokens are stored in HTTP-only cookies, which client-side scripts cannot read, so that an XSS flaw cannot be used to steal them. Multi-factor authentication (MFA) is available for enterprise accounts to add an extra layer of security.

4. Infrastructure Security

Our infrastructure is hosted on enterprise-grade cloud platforms with built-in DDoS protection, automated backups, and 99.9% uptime SLA. We employ containerization and isolated environments to ensure that your data is segregated and protected. Regular security patches and updates are applied automatically to maintain the highest security standards.

5. Data Privacy & Ownership

You retain full ownership and intellectual property rights over all content you create on Vrah. We do not use your project data to train AI models without explicit consent. Your designs, PRDs, and project files are never shared with third parties or used for any purpose other than providing you with our services. We follow a strict zero-persistence policy for sensitive operations like Figma exports.

6. Compliance & Standards

Vrah is committed to meeting international security and privacy standards. We comply with GDPR (General Data Protection Regulation) for European users and follow SOC 2 Type II principles for data security. Our practices align with ISO 27001 standards for information security management. We conduct regular third-party security audits to validate our security posture.

7. Incident Response

We maintain a comprehensive incident response plan to quickly address any security concerns. Our security team monitors systems 24/7 for suspicious activity. In the unlikely event of a security incident, we will notify affected users within 72 hours and provide detailed information about the incident and remediation steps taken.

8. Secure Development Practices

Our development team follows secure coding practices and conducts regular code reviews. We perform automated security scanning on all code commits and conduct penetration testing quarterly. All third-party dependencies are regularly audited for known vulnerabilities. We maintain a responsible disclosure program for security researchers.

9. User Security Best Practices

While we implement robust security measures, we encourage users to follow best practices: use strong, unique passwords; enable two-factor authentication when available; regularly review account activity; avoid sharing credentials; and report any suspicious activity immediately to security@vrah.ai.

10. Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them immediately to security@vrah.ai. We take all reports seriously and will respond within 48 hours. For sensitive disclosures, we offer a bug bounty program for qualifying vulnerabilities. We appreciate the security community's help in keeping Vrah secure.
