Our Commitment to Security
At Bhumi, we understand that you trust us with sensitive financial information. Protecting that information is fundamental to our business. We use industry-standard practices to safeguard your data and are actively working to strengthen our security posture.
Data Protection Measures
Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS enforced)
- API Keys: API keys are managed server-side through our secure proxy — they are never exposed in client-side code
- Client-Side Storage: Data processed through the CAM Isolation Tool is stored locally in your browser's IndexedDB. We are implementing client-side encryption for this data.
Access Controls
- Access to the application is restricted to authorized users
- API endpoints are protected by rate limiting and origin restrictions
- We are implementing enhanced authentication controls
Infrastructure Security
- Application hosted on Vercel (SOC 2 Type II compliant)
- AI processing via Google Gemini API (SOC 2 compliant)
- Automated secret scanning on all code commits
- Automated dependency vulnerability monitoring via Dependabot
Data Handling Practices
Document Processing
- Documents are uploaded directly from your browser to Google's Gemini API for analysis
- Document contents are not stored on our servers — processing happens via API calls
- Results are stored locally in your browser and can be deleted at any time
No AI Training on Your Data
We do not use your documents or data to train artificial intelligence or machine learning models. Your data is used solely to provide the services you have requested. Google's Gemini API does not use API-submitted data for model training.
Data Retention
- Analysis results are stored locally in your browser — you control this data
- You may delete your data at any time through the application Settings
- We do not retain copies of your documents on our servers
Third-Party Services
We use the following third-party services to provide and improve our product:
- Vercel — Application hosting and serverless functions
- Google Gemini API — AI-powered document analysis
- PostHog — Product analytics (event-level only; session recording is disabled)
- Cloudflare — DNS, CDN, and DDoS protection for bhumi.build
Your Role in Security
Security is a shared responsibility. We recommend the following practices:
- Use strong, unique passwords for any accounts
- Be cautious of phishing attempts — we will never ask for sensitive information via unsolicited email
- Use secure methods when transmitting sensitive documents
- Report any suspicious activity to us immediately
- Keep your own systems and software up to date
Reporting Security Concerns
If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately:
Bhumi LLC
Email: [email protected]
Subject: Security ConcernWe take all security reports seriously and will respond promptly to investigate and address any issues.