What we protect, and how
BlazeCrawl runs on Google Cloud Platform. This page lists the controls the product actually enforces today — nothing we can’t point to in the code or infrastructure.
Per-workspace data isolation
Every workspace-scoped table has PostgreSQL row-level security enabled and forced, keyed to the authenticated workspace. Isolation is enforced in the database, not just in application code.
Encrypted in transit
All public API traffic is served over HTTPS/TLS. Plain HTTP requests are redirected to HTTPS at the edge, so connections don’t silently fall back to cleartext.
Encrypted at rest
Data stored in Google Cloud is encrypted at rest using Google Cloud’s default, Google-managed encryption.
Field-level secret encryption
Sensitive stored configuration — such as vector-store and destination credentials — is additionally encrypted at the application layer with AES-GCM, wrapping the data key through Google Cloud KMS.
Self-serve export & deletion
You can export a full copy of a workspace, or permanently delete it, directly over the API. Deletion removes workspace database rows along with associated object-storage, warehouse, and vector-store data — supporting data access and erasure requests.
Workspace-scoped access
API keys are scoped to a single workspace and authenticated as bearer tokens. Member roles govern what each person can do inside a workspace.
SSO & SCIM on Scale and Enterprise
Higher-tier plans can configure SAML 2.0 or OIDC single sign-on and provision users with SCIM 2.0. These features are gated to the Scale and Enterprise plans.
Edge rate limiting & SSRF checks
Public traffic passes through Google Cloud Armor rate limiting. Because BlazeCrawl fetches URLs on your behalf, scrape targets are validated to block requests to internal or private network addresses (SSRF protection).
What we don’t claim. BlazeCrawl does not currently hold third-party security certifications or compliance attestations, and we’re not in an active audit. We won’t display badges we haven’t earned or publish availability, retention, or audit numbers we can’t stand behind. If you need a specific attestation or a signed data-processing agreement for a procurement review, email us and we’ll tell you exactly where we are.
Export or delete your data yourself
You don’t have to file a ticket to get your data out or have it removed. Both are self-serve, authenticated API calls.
Found a vulnerability?
We welcome good-faith security reports. Email security@blazecrawl.com with clear reproduction steps. Please don’t access data beyond what’s needed to demonstrate an issue, and give us reasonable time to remediate before any public disclosure. Our machine-readable policy lives at /.well-known/security.txt.