Trust
How Fostera handles encryption, vendor risk, incident response, and data deletion. Built for adults who care about what happens to their data.
All connections to Fostera use TLS 1.3. Browser↔server traffic, server↔database traffic, and server↔model-provider traffic are all encrypted in transit.
Data at rest is encrypted on managed infrastructure (Vercel for compute, Neon Postgres for primary data). Database disks are encrypted by the cloud provider. Backups are encrypted with the same controls.
Stripe handles payment cards directly — Fostera never sees or stores raw card numbers. Subscription state and billing identifiers are stored, but PAN data is not.
Authentication is handled by NextAuth v5 with email magic links and OAuth (Google, GitHub). Passwords, when used, are hashed with bcrypt and never stored in plain text.
Sessions are signed cookies with a reasonable expiration. Session cookies are set with the HttpOnly and Secure attributes.
Optional 2FA is on the roadmap. For now, magic links + OAuth providers are the supported sign-in surfaces.
Your conversations and your Soul's memories are never used to train AI models. Ever. This is the most common privacy question in the AI category and the answer is unambiguous.
Your data is processed by AI model providers (OpenAI, Anthropic, Google) under their respective enterprise terms. Those terms include zero data retention for API traffic — providers do not train on Fostera traffic.
Aggregated, non-identifying usage telemetry is collected to improve product reliability. You can opt out via the consent banner.
Compute: Vercel (Node.js + Edge functions on Fluid Compute).
Database: Neon Postgres on Vercel Marketplace.
Authentication: NextAuth v5 + OAuth providers.
AI models: OpenAI, Anthropic, Google — accessed via direct API or Vercel AI Gateway, all under enterprise terms with zero data retention.
Payments: Stripe (PCI DSS Level 1 compliant).
Email: SMTP via configured provider.
We choose vendors with mature security postures and document them here so you can evaluate the supply chain.
If we discover a security incident affecting user data, we will notify affected users as quickly as we can confirm the scope, and within statutory deadlines (72 hours under GDPR; state-level deadlines in the US).
If you discover a security issue, please email security@fostera.ai with details and reproduction steps. We respond to verified reports within 48 hours and treat coordinated disclosure as the standard.
We do not currently run a paid bug bounty. We do credit researchers who report verified issues.
You can export everything: Souls, conversations, memories, and account data. Settings → Data & Storage → Export your data delivers a ZIP of portable JSON.
You can edit what your Soul remembers. Each Soul has a memory browser showing extracted memories; you can delete individual memories at any time.
You can delete your account. Settings → Account → Delete account permanently removes your data within 30 days. Stripe payment metadata is retained for legal/accounting purposes per Stripe's policy.
Data deletion is permanent. We do not maintain shadow copies of deleted data for recovery. Plan accordingly.
Fostera is operated from the United States. We aim for GDPR, CCPA, and equivalent compliance.
Fostera is 18+ adults-only. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us via /contact and we will remove the account and associated data.
Fostera is not a HIPAA-covered entity. Fostera is not a therapist, therapy app, or substitute for licensed mental-health care. Do not use Fostera as a substitute for clinical care; if in crisis, contact 988 (US) or local emergency services.
/privacy — full privacy policy.
/terms — terms of service.
/cookies — cookie usage and consent controls.
/safe-ai-companion — broader trust posture for AI companion users.
Report a security issue: email security@fostera.ai. For everything else, /contact.