Security | Free.ai
How we protect your data. Encryption, privacy, and security practices.
过境加密
您的浏览器和 Free.ai 之间的所有流量均使用 HTTPS (TLS 1.2+) 加密。 API 请求我们的 GPU 推断服务器也是加密的端对端 。 我们强制执行 HSTS 以防止降级攻击 。
您的数据不用于训练
我们不使用您的输入、输出或上传文件来培训 AI 模型 & mdash; 永远 & mdash; 除非您明确选择加入。 您的数据属于您 。
PCI-综合支付
All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. We never store your credit card number, CVV, or full card details on our servers.
开放源码和可审计模型
我们自办的人工智能模型都是根据许可许可证(Apache 2.0和MIT)开发的开放源码。 模型重量、架构和培训方法是公开的,任何人都可以独立审计。
无数据出售
我们不为广告或营销目的向第三方出售、租赁或分享你的个人数据。
基础设施安全
我们的服务器以硬化的 VPS 和 云式 GPU 基础设施为主, 只有 SSH 关键访问, 自动安全更新, 以及将交通限制在仅必要端口的防火墙规则。 数据库备份被加密了 。
是否有安全顾虑? 联系我们。
FAQ
Yes. All traffic between your browser and Free.ai is encrypted with HTTPS using TLS 1.2+. API requests to our GPU inference server are also encrypted end-to-end. We enforce HSTS to prevent downgrade attacks.
No. We never use your inputs, outputs, or uploaded files to train AI models unless you explicitly opt in. This applies to all users -- free, paid, and enterprise.
All payment processing is handled by Stripe, a PCI Level 1 certified processor. We never store your credit card number, CVV, or full card details on our servers. Stripe handles all sensitive payment data.
Yes. All self-hosted models are open-source under permissive licenses (Apache 2.0, MIT). The model weights, architectures, and training methodologies are publicly available on HuggingFace and GitHub for anyone to audit.
No. We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. This is a firm policy with no exceptions.
Our servers use SSH key-only access (no password authentication), automatic security updates, firewall rules restricting traffic to necessary ports, and encrypted database backups. We follow security best practices for all infrastructure.
Uploaded files (images, audio, documents) are processed for the requested AI task and are not retained permanently. They are not used for training, shared with other users, or sold to third parties.
We follow GDPR principles including data minimization, purpose limitation, and the right to deletion. Enterprise customers can choose EU data residency through private cloud deployment. Contact us for a Data Processing Agreement (DPA).
Yes. You can delete your account at any time from your account settings. This removes your personal data, chat history, and API keys. Account deletion is permanent and processed immediately.
We monitor for vulnerabilities continuously and apply security patches promptly. If you discover a security issue, please report it to us through the contact form. We take all reports seriously and respond quickly.
Two-factor authentication (2FA) is available for all accounts to add an extra layer of security. Enterprise accounts can enforce 2FA for all team members through their SSO provider.
API keys are hashed before storage and transmitted only over HTTPS. You can revoke and regenerate keys at any time from the developer settings. We recommend rotating keys regularly and never sharing them publicly.