Security

How We Protect Your Data

Security is foundational to SearchForge AI. Here's how we keep your data and your customers' data safe.

Infrastructure

  • Cloudflare Workers. Our application runs on Cloudflare's global edge network with built-in DDoS protection, WAF, and automatic TLS.
  • Neon PostgreSQL. Managed database with automated backups, point-in-time recovery, and encryption at rest.
  • Cloudflare R2. Object storage for HTML snapshots with server-side encryption.

Encryption

  • In transit. All connections use TLS 1.3. HTTP is automatically upgraded to HTTPS.
  • At rest. All stored data is encrypted with AES-256.
  • Credentials. CMS connector credentials (WordPress API keys, Shopify tokens, etc.) are encrypted with HMAC-SHA256 before storage and never logged in plaintext.

Authentication & Access

  • JWT authentication. Secure token-based auth with short-lived access tokens and refresh token rotation.
  • Role-based access control. Four roles (Owner, Admin, Editor, Viewer) with permission boundaries enforced at the API level.
  • Multi-tenant isolation. Every database query is scoped to your tenant. Cross-tenant data access is architecturally impossible.
  • Password security. Passwords are hashed with bcrypt. We never store or log plaintext passwords.

Budget Controls

SearchForge includes built-in budget guardrails to prevent runaway AI costs. You set monthly limits, and the system automatically pauses or downgrades operations at 80%, 95%, and 100% thresholds. Alerts are sent via webhook at each threshold.

Reporting

If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within one business day.
