Your data, treated like it matters
Security isn't a page we bolted on — it's how the platform is built. Here's how FirstSerpprotects your account, your credentials, and your clients' data.
Credentials protected
Passwords are stored hashed, never in plain text. Third-party integration tokens (Google, Meta, and more) are encrypted at rest.
Sessions you control
Authentication uses signed session cookies. You can see and revoke active sessions — with device and IP — from your account at any time.
Tenant isolation
Every workspace's data is scoped to its own tenant. Queries are filtered by workspace, and role-based access controls who sees what inside it.
PCI-free billing
Payments run through Stripe's hosted checkout — we never see or store your full card details. Your card data never touches our servers.
Privacy-first analytics
Our marketing site uses cookieless analytics — no advertising cookies, no cross-site tracking, no consent-banner theater.
Audit logging
Sensitive account actions are recorded in an audit log, and rate limiting protects sign-in and other sensitive endpoints from abuse.
Privacy & compliance
We collect only what's needed to run the service, never sell your data, and support access, export, and deletion requests. Read the details in our Privacy Policy. For a DPA or security questionnaire, get in touch.
Questions about security?
We're happy to walk through our data handling or complete your review.
Contact us