Data Security

Last updated: February 18, 2026

Our Security Philosophy

The best way to protect data is to not collect it in the first place. ValueMyIdea.com is designed with a privacy-first architecture. We process as much as possible in your browser and store only what's necessary for the features you use.

Client-Side Processing

All scoring calculations happen locally in your browser using JavaScript. When you answer the 12 questions, the feasibility score, TCO estimate, ROI projection, and risk analysis are all computed on your device. Your idea text and answers are never sent to any server for processing.

This is fundamentally different from AI-based idea validators that transmit your business idea to cloud APIs (OpenAI, Claude, etc.) for analysis. With ValueMyIdea.com, your idea never leaves your device unless you explicitly create an account and save it.

No AI Cloud Processing

We do not use any external AI or machine learning APIs. There is no ChatGPT, no Claude, no Gemini processing your idea. Our scoring algorithm is deterministic and runs entirely in your browser. This means:

• Your idea is never transmitted to third-party AI providers.
• There's no risk of your idea being used to train AI models.
• Results are instant and don't depend on external servers.

Rate Limiting

To prevent abuse, we use a privacy-safe rate limiting system:

• A browser fingerprint is generated from generic device characteristics (screen size, timezone, language).
• This fingerprint is immediately hashed using SHA-256. The original data cannot be recovered.
• No IP addresses are stored or logged for rate limiting.

Infrastructure Security

For registered users, data is stored in Google Firebase (Firestore):

• All data is encrypted at rest using AES-256.
• All data in transit is encrypted using TLS 1.2+.
• Firebase is SOC 1, SOC 2, SOC 3, and ISO 27001 certified.
• Firestore security rules enforce that users can only read their own data.
• Authentication is handled by Firebase Auth with secure password hashing (scrypt).

What's Stored Where

• Your browser (localStorage): Rate limit counter only. Cleared when you clear browser data.
• Firebase (registered users only): Email, idea text, scores, account metadata. Deletable from Dashboard.
• Firebase (anonymous aggregate): Score numbers and category percentages with no identifying information.
• Google Analytics: Page views, general location (country level), device type. No personal identifiers.

Data Deletion

Registered users can permanently delete their account and all associated data from their Dashboard at any time. This action is immediate and irreversible. We do not retain backups of deleted user data.

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to hello@valuemyidea.com. We take security seriously and will respond promptly.