How we protect your keys, your data, and your webhook deliveries.
API keys are generated server-side with 24 bytes of cryptographic randomness, base64url-encoded with a crk_ prefix. They are stored only as SHA-256 hashes; the plaintext key is shown once on mint and never logged. Self-serve rotation via POST /v1/keys/rotate; revocation via DELETE /v1/keys/<prefix>.
Every webhook delivery carries an X-Crawler-Signature: sha256=<hex> header — HMAC-SHA256 of the raw body, keyed by your project's webhook secret. Fetch the secret with GET /v1/webhook/secret. Verify on your side; reject any request without a valid signature.
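A receiver-side check for the signature header described above, as an added example that is not the service's own code. It assumes the secret returned by GET /v1/webhook/secret is used as UTF-8 bytes; the secret, event name and run id below are constructed sample values.

```python
import hashlib
import hmac
import json

HEADER_PREFIX = "sha256="  # scheme tag carried in X-Crawler-Signature


def sign(raw_body: bytes, secret: bytes) -> str:
    """Build the header value a sender would attach (used here for sample data)."""
    return HEADER_PREFIX + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, header_value, secret: bytes) -> bool:
    """Return True only if header_value is a valid HMAC-SHA256 of raw_body."""
    if not header_value or not header_value.startswith(HEADER_PREFIX):
        return False  # missing header or unexpected scheme: reject
    try:
        received = bytes.fromhex(header_value[len(HEADER_PREFIX):])
    except ValueError:
        return False  # value after the prefix is not hex
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(received, expected)


# Constructed sample data (assumption: secret is used as UTF-8 bytes).
SECRET = b"example-webhook-secret"
BODY = b'{"event": "crawl.completed",  "run_id": "run_123"}'
HEADER = sign(BODY, SECRET)

# Parsing and re-serialising the JSON changes whitespace, so the bytes
# (and therefore the MAC) differ. Always verify the body exactly as received.
RESERIALISED = json.dumps(json.loads(BODY)).encode()

if __name__ == "__main__":
    print("valid delivery:      ", verify_webhook(BODY, HEADER, SECRET))
    print("tampered body:       ", verify_webhook(BODY + b" ", HEADER, SECRET))
    print("re-serialised JSON:  ", verify_webhook(RESERIALISED, HEADER, SECRET))
    print("missing header:      ", verify_webhook(BODY, None, SECRET))
    print("wrong secret:        ", verify_webhook(BODY, HEADER, b"other"))
```

Run the check before any JSON parsing or framework body handling touches the payload, and respond with an error status when it returns False.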
TLS 1.2 or higher only. HSTS enabled. Edge TLS termination is handled by Cloudflare (see sub-processors).
Multi-tenant by project_id. Project A cannot read project B's crawl runs, pages, links, or any other resource. Verified by integration tests on every release.
The API rejects URLs whose host resolves to private or loopback IP ranges (RFC 1918, 127.0.0.0/8, 169.254.0.0/16, ULA, etc.) and known cloud-metadata endpoints. Only http:// and https:// schemes are accepted.
Every action against your project (key minted, crawl created, monitor edited) is recorded with timestamp and key prefix. Accessible via GET /v1/logs.
Daily, monthly, and concurrent-run caps are enforced server-side in a single atomic transaction. Tier-aware concurrent caps prevent any one project from filling the worker queue.
Boot-time health verification, automatic service recovery, and encrypted daily snapshots stored off-host. Point-in-time recovery is available on Enterprise plans.
Email [email protected]. We acknowledge receipt within 72 hours and will provide updates as we investigate. We do not offer a paid bug-bounty programme at this time; private coordinated disclosure is welcomed.