RLS on multi-tenant tables
Active control in the application surface, API layer, or operational console.
Security
Controls for readers, API customers, and internal operators.
The platform keeps account, billing, API-key, webhook, and admin operations separated from the public reader surface, with validation and audit controls around sensitive actions.
Control inventory
Current product safeguards.
No service role key in the client
Active control in the application surface, API layer, or operational console.
Bcrypt API-key hashing
Active control in the application surface, API layer, or operational console.
Zod validation on route input
Active control in the application surface, API layer, or operational console.
CSRF guard for mutating app routes
Active control in the application surface, API layer, or operational console.
Audit logging for admin and billing actions
Active control in the application surface, API layer, or operational console.
Encrypted webhook signing secrets
Active control in the application surface, API layer, or operational console.
Signed webhook delivery with replay timestamps
Active control in the application surface, API layer, or operational console.
No long-term full article body retention
Active control in the application surface, API layer, or operational console.
Sentry redaction and strict headers
Active control in the application surface, API layer, or operational console.
Data posture
Reader privacy is part of the security model.
Full article bodies are used for scoring and not retained long-term. Reader events are product-scoped, not ad-targeting data, and account export controls stay available from the account console.