Deal Pipeline
by GowerCrowd

Security

Last reviewed: 2026-04-23

How we authenticate users

  • Google OAuth only. We never store or transmit a password you could lose.
  • Invite-only access: your email address (or company domain) must be whitelisted by an admin before the app will sign you in.
  • Session cookies are HttpOnly, Secure, and SameSite-enforced.
  • Role-based access: a member sees only their own data, an admin manages the organization, and super_admin is a support-only role; when a super_admin impersonates a user, the app shows a red warning banner for the whole session.

How your inbox is protected

  • Gmail access uses Google’s official OAuth2 with the gmail.modify scope. With it we can read messages, apply labels, archive messages, and mark processed messages as read. The scope would also allow moving messages to Gmail Trash, but we never permanently delete messages or bypass Trash. The dashboard actions currently available are archiving and applying labels.
  • IMAP passwords and Gmail OAuth tokens are encrypted at rest with AES-256-GCM using a dedicated encryption key.
  • The Supabase service-role key is server-only — it is never exposed to the browser and never embedded in client-side code.
  • Postgres row-level security isolates each tenant’s data; anonymous keys cannot read any table.
  • Outbound fetches (link following, image download, Firecrawl) are guarded against server-side request forgery — we reject URLs that target loopback, private, or cloud-metadata addresses.
  • HTTPS is enforced end-to-end. We serve HSTS, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, and a restrictive Permissions-Policy.

What happens to your data

  • Email metadata and extracted deal fields are stored in our Supabase Postgres database (US region).
  • The body of each email is sent to our LLM provider at extraction time to identify deal fields. We do not store full email bodies on their systems.
  • Every processing step is logged to a per-email audit trail you can review in the admin UI.
  • Data deletion on request is supported. Contact security@gowercrowd.com and we will remove your account and all associated records.
  • Organization-level cascade delete is available for full tenant removal.

What we don’t claim yet

  • No SOC 2 Type II report of our own. We inherit Vercel and Supabase’s SOC 2 coverage for infrastructure but have not completed an application-layer audit.
  • No third-party penetration test has been performed to date.
  • Not suitable for data subject to HIPAA, PCI, or similar regulated regimes.
  • These are areas we plan to invest in as customer volume warrants. We would rather say so than imply a posture we haven’t earned.

Reporting a vulnerability

Email security@gowercrowd.com with reproduction details. We will acknowledge within two business days and keep you informed as we investigate and remediate.

This page reflects the state of the product as of the date above. It is not a legal commitment; the governing terms are in our Terms of Use and Privacy Policy.