Security

Last updated: 3 April 2026

At Djinja-C, security is foundational to how we build and operate our product. This page describes the measures we take to protect your data and maintain the integrity of our application.

Privacy-First Architecture

Djinja-C is designed so that your screen content is never stored. When the application captures your screen to provide AI coaching, the image data is:

• Sent directly to the AI provider (Anthropic Claude) via an encrypted API call
• Processed in real time and discarded immediately after the response is generated
• Never written to disk, logged, cached, or retained by Djinja-C or any third party

Encryption in Transit

All communication between the Djinja-C application and our backend services uses TLS 1.2+ encryption. API calls to the AI provider are encrypted with AES-256 in transit. No data is transmitted in plaintext.

Application Security

Djinja-C is built on Electron with the following security measures:

• Context isolation: The renderer process is isolated from Node.js APIs, preventing cross-context attacks
• IPC-based security: All communication between the UI and system-level functions uses validated IPC channels
• No remote code execution: The application does not load or execute remote scripts
• Signed builds: Application installers are code-signed to verify authenticity

Authentication and Access

• User authentication is handled via secure token-based sessions
• Passwords are hashed using industry-standard algorithms and never stored in plaintext
• Session tokens expire automatically and are refreshed securely

Data Storage

Djinja-C stores minimal data:

• Account details: Name, email, and subscription status, stored in encrypted databases
• User preferences: Coach style, theme, and settings, stored locally on your machine
• Project documents: BIM standards and execution plans you upload are stored locally in your browser's localStorage and are never transmitted to our servers

GDPR Compliance

Djinja-C is compliant with the General Data Protection Regulation (GDPR) and the UK GDPR. You have full rights to access, correct, export, and delete your personal data at any time. See our Privacy Policy for details.

Enterprise Security

For Enterprise plan customers, additional security features include:

• Data boundary controls to keep all processing within your organisation's region
• Admin controls for user access and permissions
• Audit logging for compliance requirements
• Dedicated support channel for security-related queries

Vulnerability Reporting

If you discover a security vulnerability in Djinja-C, please report it responsibly to carlos@djinja-c.com. We take all reports seriously and will respond within 48 hours. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to address it.

Contact

For security questions or concerns:

Carlos Morecrofts
Djinja-C
carlos@djinja-c.com