AI security and PII protection
Slant uses AI to enhance its services. Sensitive data is filtered before being sent to AI models.
PII detection and redaction
- Automated detection — Slant scans text to identify PII such as credit card numbers, Social Security numbers, and US passport numbers using pattern-based filtering.
- Redaction — Detected sensitive data is replaced with redaction characters before it reaches any AI model.
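The following Ruby snippet is an added example illustrating the pattern-based detection and redaction described above; it is not Slant's code. The regular expressions, the Luhn check used to cut false positives on credit-card-like digit runs, the assumed "one letter plus eight digits" US passport format, and the `[REDACTED …]` replacement tokens are all assumptions made for the example.

```ruby
# Added example, not Slant's implementation: pattern-based PII detection and
# redaction applied to free text before it is handed to an AI model.
# All patterns below are assumptions about what such a filter might look like.
PII_PATTERNS = {
  # SSN with dashes; excludes never-issued area/group/serial values
  ssn:         /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/,
  # 13-19 digits with optional single space/dash separators; confirmed by Luhn
  credit_card: /\b\d(?:[ -]?\d){12,18}\b/,
  # assumed next-generation US passport format: one letter + eight digits
  us_passport: /\b[A-Z]\d{8}\b/
}.freeze

# Luhn checksum: returns true for digit strings that pass the mod-10 check,
# which filters out order numbers and other digit runs that merely look like cards.
def luhn_valid?(digits)
  sum = 0
  digits.reverse.each_char.with_index do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?
    d -= 9 if d > 9
    sum += d
  end
  (sum % 10).zero?
end

# Replaces detected PII with a redaction token and returns [redacted_text, kinds_found].
# A fixed token is used rather than one mask character per input character so the
# original value's length is not revealed to the model either.
def redact_pii(text)
  findings = []
  redacted = text.dup
  PII_PATTERNS.each do |kind, pattern|
    redacted = redacted.gsub(pattern) do |match|
      if kind == :credit_card && !luhn_valid?(match.delete(" -"))
        match # fails Luhn: leave it, it is not a card number
      else
        findings << kind
        "[REDACTED #{kind.to_s.upcase}]"
      end
    end
  end
  [redacted, findings]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, not real customer data.
  sample = "Card 4111 1111 1111 1111, SSN 123-45-6789, order 1234567890123, passport C12345678"
  text, kinds = redact_pii(sample)
  puts text
  puts "found: #{kinds.inspect}"
end
```

The order of the patterns matters: the SSN rule runs first so a dashed SSN is never partially consumed by the broader credit-card rule, and anything already replaced by a token contains no digits for later rules to match.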
Vault data protection
- Highly sensitive data (SSNs, tax IDs, passport numbers, driver’s license numbers) is stored in an encrypted vault.
- Only partial values (e.g., last four digits) are displayed in the application to minimize exposure.
Data encryption
Encryption at rest
Sensitive database fields are encrypted using Rails Active Record encryption, including:
- Vault-stored items (SSNs, tax IDs, passport numbers, driver’s license numbers)
- Financial account data
- Sensitive uploaded files
Encryption in transit
- HTTPS/TLS — All communication with the platform is encrypted via TLS.
Secure credentials management
- Application credentials are encrypted using Rails’ encrypted credentials system.
Application and infrastructure security
Authentication
- Clerk handles user identity management, including login, session management, and multi-factor authentication.
- OAuth 2.0 is used for third-party integrations (email providers, storage providers, etc.).
Authorization and access control
- Pundit enforces access policies across all API endpoints.
- A custom permissions system provides granular, resource-level access control.
Webhook security
- Incoming webhooks are validated using HMAC-SHA256 signature verification with constant-time comparison to prevent timing attacks.
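As an added example (not Slant's code), the Ruby below shows what HMAC-SHA256 webhook verification with a constant-time comparison looks like using only the standard library. The shared secret, the sample payload and the assumed `sha256=` header prefix are constructed for the example; the fallback comparison loop is included only to make explicit why the comparison does not stop at the first mismatching byte.

```ruby
require "openssl"

# Constructed placeholder; a real deployment loads this from encrypted credentials.
WEBHOOK_SECRET = "example-shared-secret-not-real".freeze

# Sender side: hex-encoded HMAC-SHA256 over the exact raw request body.
def sign_webhook(secret, payload)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Constant-time equality for two strings of equal length.
# The length check can return early because HMAC-SHA256 hex digests are always
# 64 characters; a different length only reveals that the header is malformed.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  if OpenSSL.respond_to?(:fixed_length_secure_compare)
    OpenSSL.fixed_length_secure_compare(a, b)
  else
    # Fallback: XOR every byte pair and OR the results, so the running time does
    # not depend on the position of the first mismatch.
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Receiver side: recompute the MAC over the raw body and compare it with the
# presented header value. The "sha256=" prefix is an assumed header convention.
def webhook_signature_valid?(secret, payload, header_value)
  return false if header_value.nil? || header_value.empty?

  expected  = sign_webhook(secret, payload)
  presented = header_value.sub(/\Asha256=/, "")
  secure_compare(expected, presented)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample exchange.
  body = '{"event":"invoice.paid","id":"evt_example_1"}'
  sig  = "sha256=" + sign_webhook(WEBHOOK_SECRET, body)
  puts "genuine:  #{webhook_signature_valid?(WEBHOOK_SECRET, body, sig)}"
  puts "tampered: #{webhook_signature_valid?(WEBHOOK_SECRET, body.sub('paid', 'void'), sig)}"
end
```

Verification must run over the raw request bytes as received, before any JSON parsing or re-serialisation, because any change in whitespace or key order produces a different MAC.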
Secure development practices
- Host authorization — DNS rebinding protection is enabled.
- Log filtering — Sensitive values are excluded from application logs.
- Timing attack protection — Constant-time comparisons are used for all cryptographic checks.