Security is foundational at probuck.ai. We enforce mandatory TOTP two-factor authentication, store sessions only in sessionStorage (never localStorage), encrypt data at rest with AES-256, and isolate every organisation's AI keys server-side using pgcrypto. Optional IP whitelisting, immutable audit logs retained for 365 days, and bring-your-own-key isolation mean your data and credentials never mix with another tenant's.