Security
Built to reduce risk, protect accounts, and control abuse.
TrainingAI includes a layered security posture focused on account protection, private route control, secure uploads, and tenant isolation for production use.
Tenant Isolation
Each client workspace is kept separate so one business does not leak into another.
Login Protection
Rate limits and temporary lockouts reduce brute-force pressure on client and super-admin login routes.
Secure Uploads
Uploads are validated by file signature and size, then stored in controlled cloud delivery paths.
Indexing Control
Private pages like dashboard, login, super-admin, and API routes are marked noindex.
Admin Oversight
Super admin can review account state, billing, plan expiry, and operational account control in one panel.
Production Hardening
Trusted hosts, tighter CORS, disabled docs exposure, and stronger response headers are in place.