Security overview.
The platform is built around explicit access, versioned API contracts, and preserved provenance so downstream teams can trust what they integrate.
Authentication and access
Console access currently uses Google sign-in via Supabase. Programmatic API access uses issued bearer keys. Keys are intended for server-side use and should be rotated or revoked if exposed.
Operational controls
We enforce request limits, account-linked key issuance, and usage tracking so access can be controlled at the account and key level. Evaluation and commercial access are intentionally explicit rather than anonymous.
Data provenance
Source records, raw captures, and historical versions are preserved so downstream users can trace where records came from and how they changed over time. Provenance is part of the product, not an afterthought.
Vulnerability reporting
If you identify a security issue, contact support@boringdataplatform.com with reproduction details. Please do not publicly disclose vulnerabilities before we have had a chance to investigate and remediate.