Security

Your data, treated like it matters

Security isn't a page we bolted on — it's how the platform is built. Here's how FirstSerpprotects your account, your credentials, and your clients' data.

Credentials protected

Passwords are stored hashed, never in plain text. Third-party integration tokens (Google, Meta, and more) are encrypted at rest.

Sessions you control

Authentication uses signed session cookies. You can see and revoke active sessions — with device and IP — from your account at any time.

Tenant isolation

Every workspace's data is scoped to its own tenant. Queries are filtered by workspace, and role-based access controls who sees what inside it.

PCI-free billing

Payments run through Stripe's hosted checkout — we never see or store your full card details. Your card data never touches our servers.

Privacy-first analytics

Our marketing site uses cookieless analytics — no advertising cookies, no cross-site tracking, no consent-banner theater.

Audit logging

Sensitive account actions are recorded in an audit log, and rate limiting protects sign-in and other sensitive endpoints from abuse.

Privacy & compliance

We collect only what's needed to run the service, never sell your data, and support access, export, and deletion requests. Read the details in our Privacy Policy. For a DPA or security questionnaire, get in touch.

Questions about security?

We're happy to walk through our data handling or complete your review.

Contact us