Security and Abuse Protection

Last updated: May 2026

NxtDocument Studio is designed to provide a public no-signup document generation experience while protecting the platform from abuse, automated misuse, and unnecessary operational cost. This page explains the main security and abuse-prevention principles used in the product.

High-level overview

This page describes product security practices at a high level. It is not a security certification, audit report, or compliance guarantee.

01 Security principles

  • Server-side AI provider integration; API keys are not exposed to the browser.
  • Backend-authoritative quota and generation checks.
  • Anonymous abuse prevention instead of mandatory signup.
  • Fair-use limits to keep the public service sustainable.
  • Reference upload and URL protections.
  • Restricted admin and API routes.
  • Defense-in-depth through multiple signals.

02 Protected generation flow

A generation request is checked before AI generation begins. The system may evaluate anonymous identity, quota state, started-generation limits, active-generation state, request size, budget estimate, prompt similarity, and IP-derived abuse signals. Approved requests receive server-side authorization before section generation proceeds.

  • Skeleton/preflight request.
  • Server reserves a generation row.
  • Server issues a signed generation token.
  • Section/refine calls require the token.
  • Finalization validates the token and generation row.
  • Completed generations consume daily quota.
  • Failed/expired generations do not consume completed quota but may count toward started/risk history.
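
The flow above can be sketched as follows. This is an added illustration, not NxtDocument's own code: it assumes an HMAC-SHA256 token, an in-memory dict standing in for the generation table, and hypothetical names (`preflight`, `check_token`, `finalize`, `TOKEN_TTL`).

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the browser
TOKEN_TTL = 600                   # assumption: seconds a reserved generation stays valid
ROWS = {}                         # assumption: stands in for the generation table

def _sign(payload: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(SECRET, payload, hashlib.sha256).digest())

def preflight(gen_id, identity_hash, now=None):
    """Reserve a generation row and issue a signed token bound to it."""
    now = time.time() if now is None else now
    exp = now + TOKEN_TTL
    ROWS[gen_id] = {"identity": identity_hash, "status": "started", "expires": exp}
    payload = json.dumps({"gen": gen_id, "id": identity_hash, "exp": exp}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def check_token(token, identity_hash, now=None):
    """Return the generation row if the token is authentic, unexpired and
    bound to this caller and to a row still in progress; otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong shape or bad base64
        return None
    # Verify the signature in constant time before parsing any claims.
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None
    claims = json.loads(payload)
    row = ROWS.get(claims["gen"])
    if row is None or row["status"] != "started":
        return None     # unknown row, or already completed (replay)
    if now > claims["exp"] or claims["id"] != identity_hash or row["identity"] != identity_hash:
        return None     # expired, or presented by a different identity
    return row

def finalize(token, identity_hash, quota, now=None):
    """Validate token and row, then count the completed generation once."""
    row = check_token(token, identity_hash, now)
    if row is None:
        return False    # failed/expired: completed quota is not consumed
    row["status"] = "completed"
    quota[identity_hash] = quota.get(identity_hash, 0) + 1
    return True
```

Section and refine handlers would call `check_token` before doing any paid work, so a forged, expired, or replayed token is rejected before the AI provider is contacted.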

03 Anonymous identity and quota protection

NxtDocument uses anonymous technical signals to protect the service without requiring login. These may include a browser fingerprint hash, local session ID, and IP-derived hash processed server-side. These signals support quota enforcement, abuse prevention, and reliability.

  • Approximately 8 completed documents per device/system per Berlin calendar day.
  • Started-generation limits may also apply.
  • Active unfinished generation limits may apply.
  • Limits may evolve as the product changes.

04 API key protection

AI provider API keys are kept server-side. The browser does not directly call the AI provider. This reduces the risk of key exposure and allows quota/risk checks before paid generation occurs.

05 Reference parsing protection

  • Maximum reference count.
  • File size limits.
  • Unsupported file rejection.
  • URL parsing limits.
  • Private/internal network URL blocking.
  • SSRF-style protections.
  • Parsing cooldowns or quotas.

06 Export protection

Exports are generally less expensive than generation, but export throttling may be used to prevent automated abuse, repeated loops, or excessive server/browser workload.

07 Prompt similarity and retries

To prevent automated duplicate-generation abuse, the system may detect repeated or near-identical prompts. The system should allow reasonable retries while blocking excessive repetition. This protects both user experience and operational cost.

08 Data handling and sensitive content

Users should not upload confidential, regulated, privileged, or highly sensitive information into the public no-signup experience unless they have assessed their own requirements. NxtDocument is not positioned as an enterprise secure document repository for sensitive data.

09 Admin and operational visibility

Security dashboards may show aggregate anonymous usage, quota events, abuse events, generation status, and hashed identifiers. Raw personal identifiers should not be exposed unnecessarily in admin UI.

10 Responsible disclosure

If you discover a vulnerability, abuse path, or security issue, please contact hello.nxtdocument@yahoo.com.

Please include:

  • Description of the issue.
  • Steps to reproduce.
  • Impact.
  • Screenshots or logs if safe to share.
  • Your contact email.

Do not publicly disclose vulnerabilities before giving us reasonable time to investigate.

11 Limitations

No public web service can guarantee perfect security. NxtDocument continuously improves its protections as the product evolves.