Security & trust

Built to hold your worlds safely.

What we do to protect your content, your account, and your data — from infrastructure to policy.

§ 01

Infrastructure & encryption

how we host
§ hosting

Cloud infrastructure in the EU

All LoreHub services run on AWS in the eu-west-1 (Ireland) region. No user data leaves the EU without explicit consent. We use isolated VPCs, private subnets, and strict security group rules for all production workloads.

AWS eu-west-1 · Ireland
§ at rest

Encryption at rest

All stored data — your worlds, books, entities, and account information — is encrypted at rest using AES-256. Database volumes, backups, and object storage are all encrypted. Encryption keys are managed through AWS KMS with automatic rotation.

AES-256 · AWS KMS · Auto key rotation
§ in transit

Encryption in transit

All communication between your browser and LoreHub is encrypted with TLS 1.3. We enforce HSTS, disable older TLS versions and weak cipher suites, and maintain an A+ rating on SSL Labs. API calls between internal services are also mutually authenticated and encrypted.

TLS 1.3 · HSTS · mTLS internal
§ access

Access controls & authentication

Production system access is restricted to a small number of engineers, all of whom use hardware MFA and time-limited credentials. We operate a least-privilege model: every system and person gets only the access they need to do their job. All access is logged and reviewed.

MFA-enforced · Least privilege · Audit logging
§ 02

Your content is yours

the commitment

We don't train on your content.
This is a commitment, not a footnote.

Your private worlds, books, characters, and generation directives are never used to train AI models — ours or anyone else's. Your content is yours. It remains private, it stays in the EU, and it never becomes someone else's training data. You can export everything at any time, and delete it completely at any time.

§ 03

Compliance & certification

standards

We take our obligations under data protection law seriously, and we're working toward formal certifications as we scale.

Data protection · GDPR · Compliant
UK data law · UK GDPR · Compliant
Security audit · SOC 2 Type II · In progress
Payment security · PCI DSS · Via Stripe
AI Act (EU) · EU AI Act · Monitoring

§ 04

Responsible disclosure

security research

Found a vulnerability?

We welcome responsible security research. If you've found a vulnerability in LoreHub, please disclose it to us privately before making it public. We commit to acknowledging your report within 2 business days and keeping you informed as we investigate and resolve the issue.

Please email [email protected] with a clear description of the issue, steps to reproduce, and the potential impact. We ask that you do not access, modify, or delete other users' data during your research.

We do not currently run a formal bug bounty programme, but we acknowledge researchers publicly (with their consent) and will consider appropriate recognition for significant findings.