Security
Local-First Architecture
LawnDoctor AI uses Google Gemini for AI analysis. Your lawn photos are processed securely and never stored longer than necessary. We follow best practices for data privacy and security.
Authentication
Account passwords are hashed using bcrypt before storage. Session tokens are JSON Web Tokens (JWTs) signed with a server-side secret.
Data Encryption
All communications between the frontend and backend are encrypted. The local SQLite database is stored on your machine and is not exposed to the network.
Best Practices
We follow security best practices, including input validation, parameterized queries, and proper error handling, to prevent common vulnerabilities.
Reporting Vulnerabilities
Found a security issue? Email security@lawndoctor.ai. We take all reports seriously.