Legal
Security and Data Handling
Last updated: June 2026

CrawlVitals handles authentication, OAuth integrations, API keys, scan data, URL submissions, billing metadata, and generated reports.

Security controls include:
- Supabase authentication and workspace separation;
- server-side service-role access only;
- OAuth token encryption at rest;
- hashed API keys;
- route-level plan and authorization gates;
- admin secrets for internal operations;
- audit records for billing, research watcher, submissions, and integrations;
- environment-variable based secrets;
- no payment-card storage in the app.

Customer responsibilities:
- protect account access;
- invite only authorized users;
- rotate API keys when needed;
- connect only properties you own or manage;
- remove integrations when no longer needed;
- do not submit sensitive personal data unless authorized.

No system can be perfectly secure. Report suspected vulnerabilities to the support contact listed on the website.