Legal
Security
Effective May 31, 2026 · Last updated May 31, 2026
How we protect your data and ours. We keep this practical, not performative.
Encryption in transit and at rest
All traffic is HTTPS, terminated through Cloudflare with TLS and HSTS. Stored data is encrypted at rest.
Access control
API keys are stored only as one-way hashes, never in plaintext. Access is least-privilege and role-scoped: each customer can reach only their own data, and internal operations require separate admin authorization.
Edge protection
Our API sits behind Cloudflare's WAF (OWASP rules), DDoS protection, rate limiting, and bot mitigation. We restrict the host names we serve and lock cross-origin access to our own applications.
Payments
Payments are handled by Razorpay. We never see or store full card details; card data stays with the payment provider. Payment webhooks are cryptographically signed and verified before any account is credited.
Data minimization and retention
We collect only what we need to deliver the service, and delete it on a clear schedule (see our Privacy Policy). We do not sell or share your data.
Safe automation
Our crawler only fetches genuinely public web addresses and refuses internal or private network targets. All AI generation runs server-side under strict, cost-capped limits.
Responsible disclosure
Found a vulnerability? Email [email protected]. We will acknowledge promptly and work with you in good faith.
Questions about this page? Email [email protected].