Orange Glazz AI← Back to Home

Trust & Safety

Security

Last updated: March 15, 2026

Security is not an afterthought at Orange Glazz AI — it is built into everything we ship. Here is how we keep your data and accounts safe.

How We Protect You

Encryption in Transit

All data between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS across every endpoint — no exceptions.

Secure Authentication

Passwords are hashed using bcrypt before storage. We support email verification and plan to add 2FA. Session tokens are rotated regularly.

Access Control

User data access is strictly role-based. Only authorised personnel can access production systems, and all access is logged and audited.

Infrastructure Security

Our infrastructure runs on trusted cloud providers with SOC 2 compliance. Databases are isolated, firewalled, and backed up regularly.

Responsible Disclosure

Found a vulnerability? We appreciate responsible security researchers. Please do not publicly disclose issues before we have had a chance to fix them. Here is how to report:

  • 1Email us at security@orangeglazz.com with a clear description of the vulnerability.
  • 2Include steps to reproduce, potential impact, and any proof-of-concept if possible.
  • 3We will acknowledge your report within 48 hours.
  • 4We aim to resolve critical vulnerabilities within 7 days and other issues within 30 days.
  • 5We will credit researchers who responsibly disclose valid vulnerabilities (if you want credit).

In Scope

  • orangeglazz.com and all subdomains
  • GARAI AI platform and API endpoints
  • Authentication and session management
  • User data handling and storage

Out of Scope

  • Social engineering or phishing attacks against our team or users
  • Denial of service (DoS/DDoS) attacks
  • Automated scanning without prior permission
  • Physical security of our infrastructure

Report a Vulnerability

Email our security team directly:

security@orangeglazz.com
PrivacyTermsSecurity