Security at
Gleon OS

Security is built into Gleon OS from the ground up — protected by design, not as an afterthought. This page explains the controls in place today and how our architecture is designed to scale.

• 🔐

  Encryption at Rest (AES-256)

  Data at rest — including database records, memories, and files — is encrypted with AES-256 by our managed infrastructure providers.

• 🛡️

  Encryption in Transit (TLS)

  Connections to Gleon OS are HTTPS-only and encrypted in transit using modern TLS (1.2+ / 1.3).

• 🔑

  OTP + JWT Authentication

  Phone OTP combined with JWT-based authentication using short-lived access tokens, designed for refresh-token rotation.

• 🏗️

  Row-Level Security

  Database row-level security (RLS) policies are used so each account can only access its own data, with tenant isolation enforced at the database layer.

• ⚡

  Rate Limiting & Usage Control

  A multi-layer usage-control system applies per-plan rate limits on every request to help mitigate API abuse and runaway usage.

• 🌐

  No Data Selling

  We don't sell your data or use it for advertising. Data is shared only with the subprocessors needed to run the service (such as AI and infrastructure providers). See our Privacy Policy for details.

Multi-Layer Usage Protection

Every API request passes through several independent usage-protection layers that govern cost, limits, and abuse resistance.

• L1
  Monthly Cap

  Total monthly credit budget enforced per plan.
• L2
  Daily Cap

  Daily usage limits prevent burning credits in a single day.
• L3
  Hourly Cap

  Hourly limits with a short cooldown help curb bursts.
• L4
  Premium AI Cap

  Premium AI model usage is capped per plan.
• L5
  Agent Limits

  Agent run timeouts help prevent runaway usage.
• L6
  Browser Limits

  Browser scanning is batched to reduce cost and load.
• L7
  Prompt Caching

  Prompt caching reduces repeated processing cost.