Bhumi
ProductRefinanceLegalOpen App
← Back to Legal

Security

Last Updated: March 4, 2026

Our Commitment to Security

At Bhumi, we understand that you trust us with sensitive financial information. Protecting that information is fundamental to our business. We use industry-standard practices to safeguard your data and are actively working to strengthen our security posture.

Data Protection Measures

Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS enforced)
  • API Keys: API keys are managed server-side through our secure proxy — they are never exposed in client-side code
  • Client-Side Storage: Data processed through the CAM Isolation Tool is stored locally in your browser's IndexedDB. We are implementing client-side encryption for this data.

Access Controls

  • Access to the application is restricted to authorized users
  • API endpoints are protected by rate limiting and origin restrictions
  • We are implementing enhanced authentication controls

Infrastructure Security

  • Application hosted on Vercel (SOC 2 Type II compliant)
  • AI processing via Google Gemini API (SOC 2 compliant)
  • Automated secret scanning on all code commits
  • Automated dependency vulnerability monitoring via Dependabot

Data Handling Practices

Document Processing

  • Documents are uploaded directly from your browser to Google's Gemini API for analysis
  • Document contents are not stored on our servers — processing happens via API calls
  • Results are stored locally in your browser and can be deleted at any time

No AI Training on Your Data

We do not use your documents or data to train artificial intelligence or machine learning models. Your data is used solely to provide the services you have requested. Google's Gemini API does not use API-submitted data for model training.

Data Retention

  • Analysis results are stored locally in your browser — you control this data
  • You may delete your data at any time through the application Settings
  • We do not retain copies of your documents on our servers

Third-Party Services

We use the following third-party services to provide and improve our product:

  • Vercel — Application hosting and serverless functions
  • Google Gemini API — AI-powered document analysis
  • PostHog — Product analytics (event-level only; session recording is disabled)
  • Cloudflare — DNS, CDN, and DDoS protection for bhumi.build

Your Role in Security

Security is a shared responsibility. We recommend the following practices:

  • Use strong, unique passwords for any accounts
  • Be cautious of phishing attempts — we will never ask for sensitive information via unsolicited email
  • Use secure methods when transmitting sensitive documents
  • Report any suspicious activity to us immediately
  • Keep your own systems and software up to date

Reporting Security Concerns

If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately:

Bhumi LLC
Email: [email protected]
Subject: Security Concern

We take all security reports seriously and will respond promptly to investigate and address any issues.

B
Legal

Copyright © 2026 Bhumi LLC. All rights reserved.