Security and Data Protection

How Sukrat protects your data and maintains platform security

Last Updated: February 16, 2026

Sukrat AI is committed to protecting your data and maintaining the security of our platform.

This page describes the technical and organizational measures we use to safeguard user information.

1. Overview

We implement industry-standard security practices designed to protect:

  • User accounts
  • Educational data
  • Personal information
  • Platform integrity

Security is a core part of Sukrat's system architecture.

2. Data Encryption

We use encryption to protect data both in transit and at rest.

2.1 Encryption in Transit

All data transmitted between your device and Sukrat is encrypted using HTTPS (TLS).

This protects against interception and unauthorized access.

2.2 Encryption at Rest

Sensitive data stored in our systems is protected using secure infrastructure and encryption provided by our database and infrastructure providers.

3. Authentication and Account Protection

We use secure authentication systems to protect user accounts.

Security measures include:

  • Encrypted passwords
  • Secure session management
  • Token-based authentication
  • Protection against unauthorized access

Users are responsible for maintaining the confidentiality of their credentials.

4. Infrastructure Security

Sukrat uses trusted infrastructure providers that implement strong security controls.

These providers include:

  • Supabase — database and authentication infrastructure
  • Hosting and cloud infrastructure providers
  • Stripe — payment processing

These providers maintain industry-standard security protections.

5. Access Controls

Access to user data is restricted.

We implement:

  • Role-based access controls
  • Limited access to sensitive data
  • Internal access restrictions

Only authorized personnel may access systems when necessary.

6. Monitoring and Threat Detection

We monitor our systems to detect:

  • Unauthorized access
  • Abuse
  • Suspicious activity
  • Security threats

We investigate and respond to potential threats.

7. Data Minimization

We collect only the data necessary to operate Sukrat.

We do not collect unnecessary personal data.

We do not sell user data.

8. Third-Party Security

We work with trusted third-party providers to operate Sukrat.

These providers are selected based on their security practices.

Examples include:

  • Supabase — infrastructure and database
  • Anthropic and OpenAI — AI processing
  • Stripe — payment processing
  • PostHog — analytics

These providers are responsible for protecting data within their systems.

9. Incident Response

If we detect a security incident, we will:

  • Investigate the issue
  • Take steps to contain and resolve it
  • Notify affected users where required by law

We take security incidents seriously.

10. User Responsibilities

Users play an important role in maintaining security.

You should:

  • Use a strong password
  • Keep your credentials confidential
  • Avoid sharing your account
  • Notify us of suspicious activity

11. Limitations

No system is completely secure.

While we implement strong safeguards, we cannot guarantee absolute security.

12. Continuous Improvement

We continuously improve our security practices to protect users and the platform.

13. Contact

If you have questions or wish to report security concerns, contact: security@sukrat.ai

Last Modified: February 16, 2026

Policy Version: 1.0