How we protect your data, your payments, and the integrity of your assessment.
FluencyIndex.ai is registered with the UK Information Commissioner's Office and operates under UK GDPR. User data is stored in the EU region on Supabase, with row-level security enforced on every table. Assessment data is retained only as long as needed to generate your report and support long-term benchmarking (fully anonymised). Full details are in our Privacy Policy.
Card details are collected and processed exclusively by Stripe, which is PCI-DSS Level 1 certified. We never see, store, or transmit card numbers. Subscriptions are managed entirely through Stripe Checkout and the Stripe Billing Portal.
One-time verification codes are bcrypt-hashed before storage. Session tokens use HMAC-signed, server-verified payloads with a 30-day time-to-live. Protected API routes validate the token signature, expiry, and database record on every request.
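An added sketch of the three per-request checks described above (signature, expiry, database record), written in Python. It is not FluencyIndex.ai's code: the token layout, the key, the choice of HMAC-SHA256 and the in-memory SESSIONS table standing in for the database are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"        # assumption: server-side signing key
TTL_SECONDS = 30 * 24 * 3600            # the 30-day time-to-live stated above
# Constructed stand-in for the session table; sess-2 has been revoked.
SESSIONS = {"sess-1": {"revoked": False}, "sess-2": {"revoked": True}}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> bytes:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).digest()

def issue_token(session_id, now=None):
    """Build '<payload>.<signature>' with an absolute expiry in the payload."""
    now = int(time.time() if now is None else now)
    claims = {"sid": session_id, "exp": now + TTL_SECONDS}
    body = b64e(json.dumps(claims).encode())
    return f"{body}.{b64e(sign(body))}"

def verify_token(token, now=None):
    """Return (True, session_id) or (False, reason)."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        presented = b64d(sig)
    except (ValueError, AttributeError):
        return False, "malformed"
    # 1. Signature: constant-time compare, done before the payload is parsed,
    #    so unauthenticated input never reaches the JSON decoder.
    if not hmac.compare_digest(presented, sign(body)):
        return False, "bad signature"
    claims = json.loads(b64d(body))
    # 2. Expiry: checked against the server clock, not a client-supplied time.
    if now >= claims["exp"]:
        return False, "expired"
    # 3. Database record: lets a validly signed, unexpired token be revoked.
    record = SESSIONS.get(claims["sid"])
    if record is None or record["revoked"]:
        return False, "no active session"
    return True, claims["sid"]
```

The database lookup is what makes logout and revocation effective: without it, a signed token would stay valid until its 30-day expiry regardless of server-side state.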
The service is hosted on Vercel with TLS 1.2+ enforced everywhere. We set HTTP Strict Transport Security (HSTS), a Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and a strict Referrer-Policy on every response. CORS is restricted to allowed origins in production.
FluencyIndex.ai is positioned as a decision-support tool, not a decision-making tool. Scores are one data point among many and must not be used as the sole basis for employment decisions. This aligns with Article 22 principles and UK AI regulation readiness. Our Terms of Service make this requirement explicit.
If you believe you've found a security issue, please email security@vyteon.com with a description and, where possible, steps to reproduce. We acknowledge all reports within 48 hours and work in good faith with researchers who disclose responsibly.