Security at UpGrind
Last Updated: July 25, 2025
User Data Protection
UpGrind places the highest importance on securing your personal data. All user information, including your email, username, preferences, and AI history, is stored securely and is never shared, sold, or exposed to third parties.
Secure Database Rules
We use Firestore as our primary database. All user data is stored as strings, booleans, arrays, and objects, depending on its use (for example tasks, timers, and XP).
- Read/Write rules: Access is strictly limited to the user who owns the data via Firebase Auth UID.
- Public access: No data is readable publicly — all read rules are denied by default for unauthenticated users.
Serverless Function Security
Critical operations run on serverless functions protected by the Firebase Admin SDK and secure authorization layers.
- ID token verification: Each request is authenticated using Firebase ID tokens to ensure the sender is a valid user.
- Admin SDK isolation: Backend logic is protected with a two-layer validation system before performing any write or read operations.
- Environment-protected keys: Admin credentials are never hardcoded and are securely stored in environment variables with no direct client access.
AI Chat Data & Encryption
Conversations with UpGrind AI are stored securely in your account; before they are saved, they are encrypted using our AES-256 encryption with rotating salt keys.
- Encryption: All AI chats are encrypted before saving using AES-256 with time-based salt keys.
- Private storage: This data is only accessible to you and is not used to build user profiles or training datasets.
- Auto-deletion: You can delete all AI history manually from within the app. Deleted data is permanently removed from both Firestore and backup logs.
Protection Measures
- No password storage: User passwords are never stored directly. Firebase Authentication handles all credentials securely.
- Session control: Inactivity or suspicious tokens automatically trigger revocation, requiring re-authentication.
- Rate limits & abuse protection: All functions are protected from abuse via usage limits and cloud rules.
Policy Updates
We continuously improve our infrastructure. If any changes impact your security or privacy, we will notify you directly through the app.