Security
Last updated: March 5, 2026
InfiniteAny is built with security in mind. This page describes how we protect your data, our infrastructure, and the subprocessors we use to operate the Services.
1. Security Overview
We use technical and organizational measures to protect your data and the integrity of our platform. Security is integrated into our development process, infrastructure choices, and operational practices.
2. Data Security
- Encryption in transit: TLS 1.2+ for all connections; sensitive endpoints use strict transport security.
- Encryption at rest: Data and credentials are encrypted at rest using industry-standard methods.
- Secrets and credentials: API keys, OAuth tokens, and integration credentials are stored securely and accessed only when needed to deliver the Services.
3. Infrastructure
Our core infrastructure runs on trusted providers:
- Hosting and compute: Google Cloud (and/or compatible cloud providers) with network isolation and access controls.
- Database: Neon (managed PostgreSQL) with encryption and access controls.
- CDN and edge: Cloudflare for performance and DDoS protection.
- Code and CI: GitHub for source code and deployment pipelines.
4. Authentication and Access
- Authentication via OAuth (e.g. Google) and/or magic links; we do not store plain-text passwords where avoidable.
- Session management with secure, httpOnly cookies and appropriate timeouts.
- Role-based access within the product; least-privilege principles for internal access to systems.
5. Payment Security
Payments are processed by Stripe. We do not store full card numbers or sensitive card data. Stripe is PCI-DSS compliant. Your billing and subscription data are handled in accordance with Stripe's security practices.
6. AI Providers
We send prompts and context to third-party AI providers (e.g. Anthropic, OpenAI) to run our AI specialists. Data shared with these providers is subject to their security and privacy commitments and our agreements with them. We select providers that maintain strong security and compliance practices.
7. Monitoring and Incident Response
We use logging, error tracking, and monitoring to detect and respond to issues. In the event of a security incident that affects your data, we will notify you and relevant authorities as required by law. To report a security concern or vulnerability, contact us at security@infiniteany.com.
8. Responsible Disclosure
We welcome reports from security researchers. If you discover a vulnerability, please email security@infiniteany.com with a clear description and steps to reproduce. We will acknowledge receipt and work to address valid issues. We will not pursue legal action against researchers who report in good faith, do not access or modify data they do not own, and avoid privacy violations and service disruption. We ask that you allow us reasonable time to remediate before any public disclosure.
9. Subprocessors
We use the following categories of subprocessors to operate the Services. We select providers with appropriate security and compliance practices and require contractual commitments where applicable.
| Provider | Purpose | Location / Notes |
|---|---|---|
| Stripe | Payment processing, subscriptions, billing | Global / PCI-DSS compliant |
| Neon | Managed PostgreSQL database | Cloud regions as configured |
| Google Cloud | Compute, storage, networking, APIs (e.g. OAuth, analytics) | Multiple regions |
| Anthropic | AI model API (Claude) for agent execution | Per Anthropic terms |
| OpenAI | AI model API for agent execution | Per OpenAI terms |
| Cloudflare | CDN, DDoS protection, security | Global edge network |
| Postmark (ActiveCampaign) | Transactional email delivery | Per provider terms |
| GitHub | Source code, CI/CD, deployments | Per GitHub terms |
User-Connected Integrations
When you connect your own tools (e.g. Google Analytics, Search Console, Ahrefs, SEMrush, HubSpot, Stripe, Mailchimp, Klaviyo, Meta Ads, etc.), data flows to and from those services according to the permissions you grant. Those providers are not our subprocessors for your data; they are your chosen service providers. Their handling of data is governed by their terms and privacy policies. We access them only to perform the actions you request through InfiniteAny.
10. Changes
We may update this Security page and our subprocessor list from time to time. Material changes to subprocessors that process your personal data will be communicated as described in our Privacy Policy and any applicable data processing terms.
11. Contact
Security: security@infiniteany.com
Privacy: privacy@infiniteany.com