Security - Londoolink AI

Londoolink AI employs a sophisticated dual-database architecture and military-grade encryption to ensure optimal performance and maximum security for user data.

Dual-Database Architecture

PostgreSQL (Relational)

Purpose: User accounts, auth tokens, structured metadata.

• ACID compliance for transactional integrity
• Normalized schema for complex relationships
• Stores user profiles and system config

ChromaDB (Vector)

Purpose: Semantic search, embeddings, unstructured content.

• Optimized for high-dimensional vector search
• Stores email/calendar content embeddings
• Enables RAG (Retrieval Augmented Generation)

Security Measures

Password Security

User passwords are never stored in plain text. We use Argon2, a memory-hard password hashing function.

Credential Encryption

Third-party credentials (API keys, OAuth tokens) are encrypted at rest using AES-256 encryption (Fernet). Keys are managed via environment variables and never committed to code.

JWT Authentication

Algorithm: HS256 with rotating secret keys
Expiration: Short-lived access tokens (30 mins) with secure refresh mechanism

Privacy & Compliance

GDPR Compliance: Data handling follows strict privacy principles
Data Minimization: collecting only necessary data

Right to Deletion: Users can request full data purge
Audit Logging: Trails for all data access

Security & Privacy