Trust & Security

A secure, transparent platform from day one.

Perfotix AI is built on secure defaults, official API integrations, and conservative data practices. Your brand data, prompts, and workspace credentials are protected at every layer.

Official AI provider integrations

Live scoring connects to ChatGPT and Gemini through official OpenAI and Google APIs — not scraping, automation hacks, or brittle workarounds. This ensures stable, terms-compliant, and reproducible results.

Authenticated and encrypted access

All dashboard routes require an authenticated session. Session tokens are signed with HMAC-SHA256, so a token that has been altered or forged on the client is rejected; they are carried in HttpOnly cookies that page scripts cannot read, and they expire after seven days. Passwords are hashed with scrypt, a memory-hard function, using a random salt generated per user; plaintext passwords are never stored.

Server-side secrets only

API keys, Stripe credentials, database URLs, and signing secrets are stored exclusively in server environment variables. They are never exposed to the browser, never committed to version control, and never included in client bundles.

Input validation on every entry point

All server actions and API routes validate inputs through strict Zod schemas before processing — field types, lengths, URL formats, and enum values are enforced at the boundary.

Secure payment processing via Stripe

Checkout and subscription billing are handled entirely by Stripe. Card details never touch Perfotix AI servers. Stripe webhooks are signature-verified on every event before any access status is updated.

Security headers on every response

Every page response includes X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security (HSTS), Referrer-Policy, and Permissions-Policy headers. Together these block framing of the dashboard by other sites (clickjacking), stop browsers from guessing content types of served files, keep returning visitors on HTTPS, limit what the URL reveals to third parties via the Referer header, and switch off browser features such as camera, microphone and geolocation that the application does not use.
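An added example, not Perfotix AI's configuration: the five header families listed above as a `headers()` entry in the shape Next.js expects (Next.js itself is an assumption drawn from the page's mention of server actions and client bundles; the specific values are illustrative), together with an offline audit function that flags missing or weak values in a captured response, which is the check a practitioner would run against the live site.

```javascript
// Added example (not Perfotix AI's config). Values are illustrative choices.
const SECURITY_HEADERS = [
  { key: "X-Frame-Options", value: "DENY" },
  { key: "X-Content-Type-Options", value: "nosniff" },
  // One year, subdomains included. Add "preload" only once every subdomain
  // is confirmed HTTPS-only; preload-list entries are hard to undo.
  { key: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains" },
  { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
  { key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
];

// Shape returned by `async headers()` in next.config.js (assumed framework).
function securityHeadersConfig() {
  return [{ source: "/(.*)", headers: SECURITY_HEADERS }];
}

// Audit a header map (names case-insensitive, e.g. from a fetch() Response)
// and return a list of findings; an empty list means all five pass.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  const xfo = h["x-frame-options"];
  if (!xfo) findings.push("X-Frame-Options missing");
  else if (!["deny", "sameorigin"].includes(xfo.trim().toLowerCase())) findings.push(`X-Frame-Options weak: ${xfo}`);

  const xcto = h["x-content-type-options"];
  if (!xcto || xcto.trim().toLowerCase() !== "nosniff") findings.push("X-Content-Type-Options missing or not nosniff");

  const hsts = h["strict-transport-security"];
  if (!hsts) findings.push("Strict-Transport-Security missing");
  else {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < 31536000) findings.push(`HSTS max-age below one year: ${hsts}`);
    if (!/includeSubDomains/i.test(hsts)) findings.push("HSTS does not cover subdomains");
  }

  const rp = h["referrer-policy"];
  const safeRp = ["no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"];
  if (!rp) findings.push("Referrer-Policy missing");
  else if (!safeRp.includes(rp.trim().toLowerCase())) findings.push(`Referrer-Policy leaks full URLs: ${rp}`);

  if (!h["permissions-policy"]) findings.push("Permissions-Policy missing");
  return findings;
}

// Convenience: audit the headers this config would emit.
function auditOwnConfig() {
  return auditSecurityHeaders(Object.fromEntries(SECURITY_HEADERS.map((x) => [x.key, x.value])));
}

module.exports = { SECURITY_HEADERS, securityHeadersConfig, auditSecurityHeaders, auditOwnConfig };
```

To check a deployment, pass `Object.fromEntries(response.headers)` from a `fetch()` of a dashboard URL into `auditSecurityHeaders`; an HSTS header is only honoured by browsers when received over HTTPS, so test the production origin rather than a local HTTP dev server.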