Security & data handling, built into everything
Your agency's work is sensitive. Here's exactly how Dear Theo handles it — your API keys encrypted, sign-in through Google, and your content kept yours. No fine print.
The commitments we can actually stand behind
Encrypted at rest
Your LLM provider API keys are encrypted before they're written to storage.
Google sign-in
Authentication runs through Google OAuth. We never store a password.
You own your work
Your uploads and generated outputs belong to you — export or delete them anytime.
No model training
We don't use your content to train AI models, and we don't sell it.
Multiple layers, from infrastructure to application
Encryption at rest
Your LLM provider API keys are encrypted with strong symmetric encryption before they're stored, and everything travels over HTTPS. Your credentials never sit in plaintext.
- API keys encrypted before storage
- Encrypted in transit over HTTPS/TLS
- Keys scoped to your own account
Sign-in through Google
Authentication is handled by Google OAuth, so there's no password for us to store or leak. Access to your workspace is scoped to you and your organization.
- Google OAuth sign-in
- No passwords stored
- Organization-scoped access to your work
Your data stays yours
Your content isn't used to train AI models and isn't sold. Your documents and the vectors we build for retrieval are stored under your account and surfaced only back to you.
- No training on your content
- Per-account document and vector storage
- You own everything you make
Where your data lives
We're plain about where things sit and who touches them. Our sub-processors are Google, for Firebase, and the LLM provider you choose to connect.
- Documents in Google Firestore
- Files in Firebase Storage
- Retrieval vectors in Pinecone
We don't sell your data. We don't train on it.
We don't even look at it unless you ask us to for support.
What we collect
Only what's necessary: account information, uploaded documents, workflow configurations, and usage analytics to improve the product. You can export or delete everything at any time.
What we don't do
- We don't sell your data to third parties
- We don't use your content to train public AI models
- We don't share your information without your consent
- We don't access your data unless you request support
Your rights
You own your data. You can export it, delete it, or take it with you at any time. No lock-in. No hostage-taking. If you cancel, you can export everything before we permanently delete it.
Incident response & reporting
If a security incident ever affects your data, we'll tell you promptly and keep you updated in plain language until it's resolved.
Report a security issue: security@deartheo.app
Responsible disclosure: Email us and we'll acknowledge the report and work with you on a fix.