Security

Your data is your data.

We built JUCEY with security and privacy as core principles. Here's how we protect your content and personal information.

πŸ”

Authentication

Clerk handles all authentication (SOC 2 Type 2 audited). We never see or store your passwords, and password resets happen entirely through Clerk.

πŸ›‘οΈ

Data Encryption

TLS 1.3 in transit everywhere. Database is hosted on Railway Postgres with encryption at rest at the storage layer. Voice profiles are per-user isolated.

πŸ”’

No Training Data

Your content is never used to train AI models. Your clips and voice profile are only accessible to you.

How We Handle Your Content

  • βœ“LinkedIn/X posts scraped during onboarding are only used to build your voice profile
  • βœ“Every row is scoped by userId; no cross-tenant reads
  • βœ“Voice profiles are never shared between users
  • βœ“We never send your content to third-party model-training pipelines; OpenAI/Anthropic calls are made with training opt-out enabled
  • βœ“We do not sell or share your data with third parties

Third-Party Sub-Processors

JUCEY relies on these providers. Each one publishes its own security posture β€” the badges below summarise what they certify, not what JUCEY itself is certified for.

Clerk

Authentication & user management

SOC 2 Type 2 (Clerk)
Stripe

Payment processing

PCI DSS Level 1 (Stripe)
OpenAI

Content generation

SOC 2 Type 2 (OpenAI)
Anthropic

Content generation

SOC 2 Type 2 (Anthropic)
Perplexity

Trending-topic discovery

Public API
Apify

LinkedIn/X scraping

SOC 2 Type 2 (Apify)
Railway

Hosting infrastructure (Postgres + web)

SOC 2 Type 2 (Railway)
Sentry

Error monitoring

SOC 2 Type 2 (Sentry)

Your Rights

Right to Deletion (GDPR / CCPA)

Settings β†’ Delete account. The handler at /api/account/delete cascades through every row in a single transaction (clips, drafts, voice profile, embeddings, extension tokens).

No Sale of Personal Information (CCPA)

We do not sell your content or profile to advertisers, data brokers, or model-training providers.

Data Export

Email security@jucey.app for a full JSON export of your account data. A self-serve export endpoint is on the roadmap.

SOC 2

JUCEY is not yet independently audited against SOC 2. We use SOC 2–audited sub-processors (see table above) and publish our controls in SECURITY.md.

Security Questions?

Contact our security team for vulnerability reports, compliance questions, or security documentation.

security@jucey.app