Security

Your brand data is sensitive. Here's how we protect it.

🔒 Official APIs only

We query AI engines exclusively through their official, documented APIs. We don't scrape browser interfaces, read undocumented metadata, or use any technique that could break when a model updates. This means your monitoring is stable and reliable.

🔐 Data isolation

Your brand data is isolated to your account. Other users cannot see your brands, prompts, results, or scores. All authenticated endpoints require session authentication or API key verification.

🛡️ Rate limiting

All API endpoints are rate-limited to prevent abuse. Free tools are limited to prevent automated scraping. Paid API access has higher limits appropriate to each plan.

📊 Data exports

CSV exports include invisible watermarks tied to your account. This allows us to trace any unauthorized redistribution of data back to the source.

🌐 Infrastructure

• Hosted on AWS (eu-west-1) with encrypted storage
• HTTPS enforced on all endpoints
• Database connections encrypted in transit
• AI engine API keys stored as environment variables, never in code

🤖 AI crawler policy

Our robots.txt blocks AI crawlers from accessing user data pages. Public marketing pages are crawlable. Dashboard, brand data, settings, and report pages are disallowed.

Report a vulnerability

If you discover a security issue, email [email protected]. We take all reports seriously.