Account protection and anti-sharing controls.

Paid access is tied to a single user account.

Subscription status is synced from Lemon Squeezy webhooks.

API keys are stored as Vercel environment variables, not in browser code.

AI tasks are processed through server-side routes so provider keys are not exposed to browser code.

Voice features, if used, are processed for transcription or scoring, and AI For Work Lab is designed not to permanently store raw audio after processing.

AI Studio and AI API routes block obvious illegal, harmful, credential-theft, fraud, cheating, and sensitive-data requests before generating output.

Security headers are configured for HTTPS, framing, content type, referrer, and microphone permissions.

AI endpoints use rate limiting, fair-use controls, durable counters where configured, and clear error responses.

Expensive AI, speech, and workflow-planning features have fair-use limits to protect processing cost and reduce automated abuse.

Paid AI usage records hashed device and IP-derived signals so shared-account patterns can be reviewed without storing raw IP addresses.

Usage, payment, login, and account signals may be reviewed to reduce sharing and abuse.

Report suspected account or security issues to interviewenglishai@gmail.com with the affected account email, steps to reproduce, and screenshots if useful. Do not include passwords or full payment details.

No internet service can be guaranteed 100% secure.