Last updated: April 17, 2025
Security is foundational to Aether. We protect your data, your integrations, and your business with enterprise-grade practices — regardless of which plan you're on.
All data transmitted to and from Aether is encrypted in transit using TLS 1.2+. Data stored at rest — including your API keys, integration credentials, and account information — is encrypted using AES-256. We never store sensitive credentials in plaintext.
Aether uses signed JWT tokens for session management with a 30-day expiry. Passwords are hashed using bcrypt with a minimum cost factor of 12. We do not store plaintext passwords under any circumstances. We also enforce rate limiting on login and signup endpoints to prevent brute-force attacks.
When you connect third-party services (Resend, Meta, X, etc.), your API keys are encrypted before being written to the database. They are decrypted only at runtime within our secure application servers and are never exposed in logs, error messages, or client-side responses.
Aether is hosted on Vercel's globally distributed edge network and backed by Neon PostgreSQL. Database access is restricted exclusively to our application servers via private networking — no public database access is permitted. All environment variables and secrets are managed via Vercel's encrypted secrets manager.
Internal access to production systems follows the principle of least privilege. Only authorized personnel with a business need can access production infrastructure, and all access is logged and audited.
In the event of a security incident affecting your data, we will notify affected users within 72 hours of discovery, in accordance with applicable regulations including GDPR. We maintain an incident response plan and conduct regular reviews of our security posture.
If you discover a potential security vulnerability in Aether, please report it to us privately at security@useaether.net. We take all reports seriously and will respond within 48 hours. Please do not publicly disclose vulnerabilities before we've had a chance to investigate and remediate.
Security questions or concerns? Reach our security team at security@useaether.net.