Security Overview

Understanding's security, policies, and measures with Firebase.

Designed to Be Secure

We take data security and your privacy seriously at We never disclose information about our users without their permission or sell their data.

Most of our team have many years of experience financial services sector, so security is in our DNA. Our entire system was built with security in mind, utilizing the principle "Security by Design". This means that as we architected the system from day one with security policies, techniques, and procedures.

How We Keep You Secure

  • Encryption: Our system and data is hosted on Firebase. All data stored is encrypted at rest and all transmissions are over SSL.

  • Read-only access: We access your Firebase usage metrics with a read-only service account, so we can’t modify your data.

  • Google authentication: We only allow authentication via Google social login. This means we don’t store or have your password. Furthermore, you can enable Google’s 2 Factor Authentication for added protection.

  • More encryption: And we don’t stop there! We do another level encryption (AES-256) on your private information and keys. So even we can’t see your data.

  • Stripe payments: Finally, our payment provider is Stripe - a well known provider with robust security measures.

Your Data is Your Data

We don't sell your data, mess with it, or do anything we wouldn't want done with our own private information. At any time, you can delete your information and your data is gone.

We use the crash tracker Rollbar to gather & analyze what went wrong and make a better product. When you install as a Firebase extension you can choose to not enable Rollbar to track issues.

What Data We Gather

We gather your usage data using Google's Monitoring API with read-only access. This data includes data storage (size of data, but not the actual data), number for reads, or CPU seconds spent computing.

We do not need, or have, access to your Firebase/Google billing account since our system does all the pricing and cost calculations.

Security Summary

  1. We are fully Firebase hosted and inherit Firebase’s security practices.

  2. We access your Firebase data using a read-only service account, so your data or account can never me modified.

  3. All data sent over the internet is encrypted with SSL (really, don’t use any site that doesn’t have this).

  4. We gather your usage data using Google's Monitoring API.

  5. All stored data in our system is encrypted at rest, meaning your data is protected from unauthorized entry.

  6. Your private information and keys have another layer of encryption (AES-256), so even employees can’t read your important data.

  7. We use Firebase’s authentication and only allow Google’s social login. This provides an additional layer of security. And you can enable Google’s 2 Factor Authentication for added protection.

  8. We never sell client data or disclose our clients information without their permission.

  9. Our payment provider is Stripe.

  10. Your data is your data and you can delete it at any time.

  11. We use Rollbar to capture crashes and make the product better.

Extension Security

The new Firebase Extension for was built and tested with Google's Firebase team.

The key security features of the Extension:

  • Runs in Firebase's secure extension environment managed by Firebase.

  • Security and API authorizations managed by Firebase, so you do not need to upload your private key.

  • You give explicit authorization for Google Monitoring API access (read-only).

Questions or Help

Please email or chat with us for any questions or comments

Last updated