Security & trust.
What we run, where it runs, and what we keep. Written plainly, without exposing more than you need.
Hosting & transport
- The service fronts through Cloudflare; the search data plane runs on dedicated servers in the EU (Germany and Finland), reachable only through our gateway.
- All traffic is encrypted in transit (TLS). Security headers — HSTS, frame denial, strict referrer policy — are set site-wide.
Access control
- Every data request is authenticated and entitlement-checked server-side — subscriptions and API keys are enforced at the gateway, never in the browser.
- API keys are stored hashed, shown once, revocable instantly, and stop working the moment a plan lapses.
- Webhook deliveries are HMAC-signed so your systems can verify every payload.
What we keep — and don't
- We do not log the text of your search queries. Usage is metered as daily counters only.
- Saved searches and alerts store exactly what you asked us to save, and are deleted when you delete them — or your account.
- Share links are opaque, expire after 90 days, and never carry query text in the URL.
- Account deletion revokes keys, cancels billing, and removes saved data immediately; limited billing and security records are retained as described in the Privacy Policy.
Subprocessors
Clerk (authentication) · Stripe (payments — card data never touches our servers) · Cloudflare (delivery & control plane) · Hetzner (EU search servers) · Resend (transactional email).
Reporting a concern
Security reports reach a human via the contact form — please include steps to reproduce. We respond within one business day.
This page describes operational practice; it is not a contractual document. Last reviewed 2026-07-17.