privacy and security

hold your voice uses sessions, csrf checks, rate limits, encrypted byok keys, noindex shared docs, and scoped api keys to protect user data.

updated may 3, 2026 security no images

quick answer

use this page for product-level privacy explanations. it is not legal advice.

use this for

answering product security questions
explaining public document noindex
checking api key safety

steps

keep secrets out of documents and wiki pages.
use api keys only through environment variables or secret managers.
revoke keys when access should end.
make shared documents private when review is done.
delete accounts only when the user understands the impact.

details to know

session cookies are shared across holdyourvoice.com subdomains where needed.
authenticated post requests use csrf protection.
byok keys are encrypted at rest and only hints are shown.
public shared docs are served with noindex controls.
api keys have scopes and audit logs.

limits and edge cases

no wiki page should contain private keys, provider secrets, admin urls beyond the public fact of god subdomain, or customer data.
user-published public docs are not seo pages.

ready to use the product instead of reading about it? open app