Sipher-AI Security Overview

• Password hashing with bcrypt.
• JWT sessions stored in HTTP-only, secure cookies.
• Email verification before chat access.
• Password reset using short-lived, single-use hashed tokens.
• Plan-aware production rate limiting.
• Input moderation and abuse event logging.
• Owner-controlled maintenance mode and kill switch.
• Stripe webhook signature verification.
• Health checks, system logs, backup tracking, and admin audit logs.