Security
How we protect the data you connect. We describe our commitments plainly, without exposing operational detail that would help an attacker.
Tenant isolation
Every row of your data is scoped to your workspace and enforced at the database with row-level security, so one customer can never read another's data.
Encrypted secrets
Google OAuth tokens are encrypted in a dedicated secrets vault, never stored in application tables or logs, and revoked with Google when you disconnect.
Read-only, least privilege
We request only read-only Search Console and Analytics scopes. We never ask for write, manage, or delete access to any Google service.
Google-only data model
The only external data sources are your Search Console and GA4. No backlink indexes, no SERP scraping, no keyword databases, no third-party SEO APIs.
Compliance roadmap
US data residency today, with a SOC 2 program on the roadmap. We publish what is in place and what is planned - no vague claims.