Account protection and anti-sharing controls.

Paid access is tied to a single user account.

Subscription status is synced from Lemon Squeezy webhooks.

API keys are stored as Vercel environment variables, not in browser code.

Voice is processed for transcription, and Interview English AI is designed not to permanently store raw audio after processing.

Security headers are configured for HTTPS, framing, content type, referrer, and microphone permissions.

AI endpoints use rate limiting, fair-use controls, and clear error responses.

Specialist pronunciation checks have daily fair-use limits to protect speech API cost and reduce automated abuse.

Paid voice scoring records hashed device and IP-derived signals so shared-account patterns can be reviewed without storing raw IP addresses.

Usage, payment, login, and account signals may be reviewed to reduce sharing and abuse.

Report suspected account or security issues to interviewenglishai@gmail.com with the affected account email, steps to reproduce, and screenshots if useful. Do not include passwords or full payment details.

No internet service can be guaranteed 100% secure.