Security at Lipi.ai

Your trust matters to us. We take reasonable measures to protect your data and continuously work to improve the security of our services.

Security Features

Encryption in Transit

All data transmissions are encrypted using HTTPS/TLS, helping keep your font data and personal information secure during transit.

AWS Security

Built on AWS infrastructure with security groups and IAM policies to control access to resources.

Multi-Factor Authentication

Optional MFA support through AWS Cognito for enhanced account security using TOTP authenticators.

Managed Infrastructure

Our application runs on AWS managed services, which maintain their own compliance certifications including SOC 2.

Security Reviews

We periodically review our application security and aim to address vulnerabilities as they are identified.

Access Control

Role-based access control (RBAC) helps ensure users only have access to the resources they need.

Compliance & Standards

GDPR Awareness

Our service is designed to align with GDPR principles for handling EU user data, including data minimization and user rights.

AWS Compliance

Our infrastructure runs on AWS, which maintains SOC 2 Type II and other compliance certifications for their services.

HTTPS Everywhere

All connections are secured with HTTPS.

OWASP Awareness

We aim to follow OWASP guidelines to help protect against common web vulnerabilities.

Security Practices

Data Protection

  • AWS managed encryption at rest for stored data
  • Encryption in transit using HTTPS/TLS
  • DynamoDB point-in-time recovery enabled
  • Minimal data collection — we only store what is needed

Application Security

  • Input validation and sanitization
  • Parameterized queries (DynamoDB) to prevent injection
  • CORS configuration to restrict cross-origin requests
  • Authentication via AWS Cognito with token-based sessions

Infrastructure Security

  • AWS managed services with built-in security controls
  • IAM policies scoped to least privilege where possible
  • Lambda functions with isolated execution environments
  • Dependencies reviewed periodically for known vulnerabilities

Access Management

  • Role-based access control (Admin, Paid, Regular)
  • Strong password requirements enforced by Cognito
  • Session timeout and token expiration
  • Optional multi-factor authentication

Responsible Disclosure

We appreciate the security research community's efforts in helping keep Lipi.ai safe. If you discover a security vulnerability, please report it responsibly.

We aim to respond to all security reports within 48 hours.

Security Best Practices for Users

  1. Use Strong Passwords

     Create unique, complex passwords for your Lipi.ai account and enable two-factor authentication.

  2. Keep Your Account Secure

     Never share your login credentials and be cautious of phishing attempts.

  3. Review Account Activity

     Regularly check your account activity and report any suspicious behavior.

  4. Keep Software Updated

     Ensure your browser and operating system are up to date with the latest security patches.

Questions About Security?

We are happy to address any security concerns you may have.

Last reviewed: February 2026