Security Settings

Manage your account security and privacy

Account Security Overview

Organiko.ai provides comprehensive security features to protect your account and data. From encrypted tokens to session management and activity monitoring, we ensure your information stays secure.

🔐 JWT Encryption: Secure tokens
👁️ Activity Monitoring: Real-time tracking
🔔 Email Alerts: Instant notifications

Current Security Features

Password Encryption (Bcrypt)

All passwords are hashed with bcrypt, using a per-password salt and a configurable number of rounds. Your password is never stored in plain text and cannot be recovered by our team or anyone else.

Technical Details: Bcrypt with configurable rounds (default: 12), which makes every password guess expensive and brute-force attacks against the stored hashes computationally infeasible.

JWT Token Authentication

After login, you receive two secure tokens: an access token (60 minutes) and a refresh token (30 days). Both are cryptographically signed, so any modification is detected when the token is verified.

Access Token: 60 minutes
Refresh Token: 30 days
Algorithm: HS256 (HMAC-SHA256)
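What HS256 signing and the two lifetimes above mean on the verifying side, as an added example (not Organiko.ai's own code) using only the Python standard library. The `use` claim, the function names and the sample key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

ACCESS_TTL = 60 * 60              # access token: 60 minutes (from the page)
REFRESH_TTL = 30 * 24 * 60 * 60   # refresh token: 30 days (from the page)
SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, use: str, now: int, key: bytes = SECRET) -> str:
    """Sign an HS256 token. The "use" claim (access/refresh) is an assumption."""
    ttl = ACCESS_TTL if use == "access" else REFRESH_TTL
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": sub, "use": use, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64e(mac(header + '.' + claims, key))}"

def verify(token: str, use: str, now: int, key: bytes = SECRET) -> dict:
    """Return the claims, or raise ValueError naming the check that failed."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        sig = b64d(sig_b64)
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm on the server; the token must not choose it ("none", RS256...).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison of the recomputed HMAC against the presented one.
    if not hmac.compare_digest(sig, mac(header_b64 + "." + claims_b64, key)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(claims_b64))  # trusted only after the MAC check
    if claims.get("use") != use:
        raise ValueError("wrong token type")  # e.g. refresh token sent as access token
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims
```

HS256 is symmetric: every service that can verify a token holds the same key and can also mint one, so the key needs the same protection as the password database.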

Email Verification

When you create an account or change your email, we send a verification link to confirm ownership. Links expire after 24 hours for security.

📧 Email confirmation • ⏰ 24-hour expiry • 🔒 One-time use

Secure Password Reset

Password reset links expire after 1 hour and can only be used once. We send email notifications whenever your password changes.

⏰ 1-hour expiry • 🔐 Single use • 📧 Change alerts

HTTPS Encryption

All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL encryption (HTTPS). This prevents man-in-the-middle attacks and eavesdropping.

Technical Details: TLS 1.3, AES-256 encryption, perfect forward secrecy

Rate Limiting & Brute-Force Protection

Failed login attempts are monitored and limited to prevent brute-force attacks. After multiple failed attempts, your account is temporarily locked for your protection.

🚫 Rate limiting • 🔒 Auto-lock • ⏰ 15-min cooldown

Session Management

Active Sessions

You can be logged in from multiple devices simultaneously. Each device has its own session with independent tokens.

Current Sessions (Example):
💻 Chrome on MacBook Pro (Current) • Last active: 2 minutes ago
📱 iPhone 14 Pro • Last active: 1 hour ago

Logout & Session Termination

When you log out, both your access and refresh tokens are invalidated. You can log out from:

Current Device: Profile menu → "Log Out"
All Devices: Settings → Security → "Log Out Everywhere"
Specific Device: Settings → Security → Active Sessions → "Log Out"

Automatic Session Expiry

Sessions automatically expire after periods of inactivity for security:

Access token expires after: 60 minutes
Refresh token expires after: 30 days
Auto-refresh: Enabled ✓

Note: As long as you use the platform within 30 days, your session automatically renews without requiring re-login.

Two-Factor Authentication (2FA)

Enhanced Security (Coming Soon: Q1 2026)

Two-factor authentication adds an extra layer of security by requiring a second form of verification beyond your password. When enabled, you'll need both:

1. Something you know: Your password
2. Something you have: Your phone (authenticator app or SMS)

Planned 2FA Methods:

📱 Authenticator Apps: Google Authenticator, Authy, etc.
💬 SMS Codes: Text message verification

Security Activity & Monitoring

Activity Log

Your account activity is tracked for security purposes. You can view recent activity in Settings → Security → Activity Log.

Recent Activity (Example):
✓ Successful Login • Chrome on MacBook Pro • San Francisco, CA • 2 min ago
✓ Password Changed • iPhone 14 Pro • San Francisco, CA • 2 hours ago
✗ Failed Login Attempt • Unknown Device • Tokyo, Japan • 1 day ago

Email Notifications

We automatically send email alerts for important security events:

📧 Password Changed: Immediate notification
📧 New Login from Unknown Device: Location and device info
📧 Multiple Failed Login Attempts: Security warning
📧 Email Address Changed: Confirmation to both old and new email

Location & Device Tracking

For security purposes, we track the location and device information for each login:

Information Tracked:
• IP address and approximate location
• Device type (desktop, mobile, tablet)
• Browser and operating system
• Login timestamp

Security Best Practices

Keep Your Account Secure

• Use a Strong, Unique Password: At least 12 characters with mixed case, numbers, and symbols
• Enable Email Verification Immediately: Verify your email address as soon as you sign up
• Never Share Your Password: Organiko.ai staff will never ask for your password
• Log Out on Shared Computers: Always log out when using public or shared devices
• Review Security Activity Regularly: Check your activity log for suspicious logins
• Keep Your Email Secure: Your email is the key to password recovery and account access
• Report Suspicious Activity: Contact support immediately if you notice unauthorized access

Account Deletion & Deactivation

Delete Your Account

You can delete your account at any time from Settings → Security → Delete Account. This action is permanent and cannot be undone.

⚠️ What Happens When You Delete:
• All your data is permanently deleted
• Active subscriptions are canceled
• You lose access to all features immediately
• Your email address can be reused for a new account after 30 days
• Some audit logs may be retained for compliance (anonymized)
💡 Alternative: If you just want to stop using Organiko.ai temporarily, consider downgrading to the Free plan instead of deleting your account.

Report a Security Issue

If you believe your account has been compromised or you notice suspicious activity:

1. Change your password immediately using "Forgot Password"
2. Log out from all devices in Settings → Security
3. Contact our security team at security@organiko.ai
4. Review your activity log for unauthorized actions