Security Policy

    Last updated: July 29, 2025

    GPTfake is committed to responsible security practices, especially when dealing with sensitive content, automated AI analysis, and public data transparency. While we do not store personal data, we maintain a secure and resilient infrastructure to support our mission.

    1. Data Security Principles

    GPTfake follows the principles of:

    • Data minimization: We collect as little user-related data as possible
    • Read-only publishing: No user-generated content is accepted
    • Transparency by design: All analysis is public and non-personal

    We do not accept file uploads, user prompts, or private messages via our platform.

    2. Infrastructure

    Our systems are hosted on trusted, industry-standard cloud platforms (e.g., Vercel, Supabase, Hetzner, or AWS), featuring:

    • TLS encryption for all traffic
    • Daily automated backups (if applicable)
    • Geo-redundant infrastructure to improve resilience
    • Firewalling and rate-limiting to prevent abuse

    All services run in isolated environments with strict access controls.

    3. Access Control

    • Administrative access is restricted via SSH keys and MFA
    • No shared credentials are used between environments
    • Sensitive keys (e.g., API tokens to LLMs) are stored in secure vaults or environment secrets
    • Access to production is limited to authorized maintainers only

    4. Monitoring and Logging

    We monitor:

    • Uptime and response errors
    • API failures (e.g., failed model calls)
    • Anomalous behavior patterns or scraping attempts

    All logs are technical, short-lived, and do not contain personal user identifiers.

    5. Responsible Disclosure

    If you find a vulnerability in our platform, we appreciate your help. Please report it privately via email:

    [email protected]

    We’ll investigate promptly and issue updates if necessary. Please avoid publicly disclosing the issue until it is resolved.

    6. Disclaimer

    While GPTfake applies best efforts to protect its systems, we are not responsible for:

    • Vulnerabilities in the LLM APIs we monitor (e.g., OpenAI, Claude, etc.)
    • Inaccuracies or unsafe outputs in AI-generated content
    • Abuse or misuse of GPTfake data by third parties

    7. Updates

    This policy may be updated periodically to reflect evolving best practices and infrastructure changes.

    8. Contact

    Security questions or reports? Contact us at:

    [email protected]

    © 2025 GPTfake. All rights reserved.