Security

Only you, and the people you explicitly choose to share with. Your documents live in private folders called Catalogues. Nobody else — not other users, not random visitors — can browse your files. When you invite someone to a Catalogue, they can ask questions of the content but they can't even see your file list; they only ever get answers, with citations. You can pause or remove their access whenever you want.

No. Sebtember uses Google's Gemini API on a paid tier to write answers. Under the Gemini API terms for paid services, Google does not use your prompts or uploaded content to train its models. Search embeddings and reranking use Voyage AI's API (also on paid terms). Your content stays yours and is used only to answer your own questions and those of the people you've shared with.

Your files, their extracted text, and the search index are stored in the European Union, on Google Cloud — the same infrastructure banks and governments trust. When you ask a question, your question and the relevant retrieved snippets are sent to two AI providers to produce the answer: Google's Gemini API (the model that writes the reply) and Voyage AI (which turns text into the math used for search). Those providers process that text on their own infrastructure; we don't store your content outside the EU. See the sub-processor list below for the full picture.

Your data is encrypted both while stored and while moving across the internet, using bank-grade encryption (AES-256 at rest, TLS 1.2+ in transit). The search index is stored as mathematical embeddings that can't be reversed back into readable prose.

No. Sebtember answers only from the trusted material you (or people who shared with you) provided, plus platform-wide help content. It does not pull random web pages. If the answer isn't in your sources, it tells you so instead of guessing — that is the whole point.

No, no, and no. There are no advertising pixels, no behavioural trackers, and no third-party analytics following you around — on the public website or inside the app. Sebtember makes money only when you choose to buy tokens, so there's no incentive to sell your data.

Yes. Deleting a Catalogue permanently removes its files, their extracted text, the search embeddings, and the original stored files — there are no hidden backups and no recovery. Your chat history belongs to you (a single chat can draw on several Catalogues, so deleting one Catalogue doesn't erase your conversations); deleting your account removes everything you own. Account deletion is currently handled by request to hello@sebtember.app. When it's gone, it's gone.

Yes. All card payments are handled by Stripe, one of the world's largest payment companies. Sebtember never sees or stores your card number.

Operated by Mondas Ltd. (Lithuania, EU), registered with the State Data Protection Inspectorate of Lithuania (No. P7140). Company reg. 304217890, VAT LT100010069711.

Customer files, extracted text, and the vector search index are stored in the European Union on Google Cloud Platform (Cloud Storage + Firestore). Answer generation calls out to two AI providers — Google's Gemini API and Voyage AI (see sub-processors) — which process the submitted text on their own infrastructure, which may be outside the EU. No customer content is stored outside the EU.

• AES-256 at rest on Google Cloud Storage and Firestore.
• TLS 1.2+ in transit between every service boundary.
• Encryption at rest covers the original files, their extracted text, and the search embeddings alike. The embeddings used for retrieval are vector representations that cannot be reversed back into readable prose; the extracted text is retained (encrypted at rest) so the AI can quote and cite it.

Sign-in is via Google (Firebase Authentication), so there is no Sebtember password for us to store or leak. After a Google sign-in, the client exchanges a verified Firebase ID token for a server-set session cookie. Server routes authenticate from that cookie; a client-supplied user ID is never trusted. Database access is enforced server-side — client SDKs are blocked from writing to sensitive collections (user profiles, private records, embeddings, system config), which happen only through the server behind authenticated, ownership-checked routes.

Content is organized into Catalogues, each with an admin who controls membership. Access is granted via single-use invitation tokens that can be paused, revoked, or time-scoped (30 min / 1 hour / 24 hours / unlimited). Invited users cannot enumerate a Catalogue's file list or open its admin surfaces — they interact with the content only through cited AI answers.

Inference runs on Google's Gemini API on a paid tier. Under the Gemini API terms for paid services, customer prompts and uploaded content are notused to train Google's models. Answers are generated only from retrieved customer/shared content and platform system content — the model is not given live web-browsing capability.

• Google Cloud Platform — hosting, storage, compute, Firestore, and the Gemini API (answer generation). Storage + database in EU regions.
• Vercel — hosting the marketing site and the Next.js application edge.
• Stripe — payment processing for token top-ups. Stripe handles all card data; Sebtember never sees raw card numbers.
• Voyage AI — text embeddings and reranking for the search pipeline. It receives document text (at upload) and your queries plus candidate snippets (at search time) to produce the vectors and ranking used for retrieval.

VAT numbers entered on the Company profile are validated against EU VIES / UK HMRC at verification time (the VAT number and company name are sent; no document content). Beyond these, there are no third-party analytics, advertising pixels, or behavioural trackers on any Sebtember surface — public or authenticated. Anonymous Core Web Vitals are collected via Vercel Speed Insights for performance only (no cookies, cannot identify individuals).

Sebtember runs entirely on Google Cloud Platform, which itself maintains the following certifications. Sebtember inherits these infrastructure controls but does not hold the certifications itself as a product:

• SOC 1 / ISAE 3402, SOC 2, SOC 3
• FedRAMP
• PCI DSS Level 1
• ISO 27001 / 27017 / 27018

Deleting a Catalogue removes, with no backups and no recovery: every File record and its extracted text, every search embedding, and the original uploaded files in Cloud Storage. Deleting a single file or a Collection removes the same artefacts for that scope. Chat history is owned by the user, not the Catalogue — a chat can draw on several Catalogues, so deleting one Catalogue does not delete conversations. Deleting your account removes everything you own; account deletion is currently handled by request (see GDPR rights).

EU users have the right to access, correct, delete, and export their personal data. The deletion mechanism is built into the product (see kill switch); account deletion and other rights are exercised by emailing hello@sebtember.app.

If you believe you have found a security vulnerability in Sebtember, please email hello@sebtember.app with the subject line "Security report". We respond to verified reports within 72 hours.

No internet-connected system can be called "100% unbreakable," and we won't pretend otherwise. What we can state precisely is the above: EU storage, AES-256 + TLS 1.2+, no model training on the paid Gemini API, owner-controlled access, permanent deletion, no trackers, and a disclosed four-processor chain on certified infrastructure. If a claim isn't on this page or the Privacy Policy, we're not making it — that is itself a security feature.