Security and Trust

• Users authenticate through Auth0 Universal Login and supported social connections.
• Frontend requests are proxied through Vercel functions and scoped to the authenticated Auth0 subject.
• Backend APIs validate tokens, scopes, and ownership before returning user data.
• Long-lived cloud credentials are not exposed to the browser.

• Raw imports are source evidence, not runtime connector context.
• Connector profiles are compact, field-based, and scoped.
• Sensitive, unclear, conflicting, malformed, and source-only data can be held away from connectors.
• SQL/business access is a deeper path that requires explicit scope and audit logging.

• Memrov uses managed cloud services with encryption in transit and at rest where available.
• Access is designed around per-user ownership, service roles, scoped tokens, and audit records.
• Deletion jobs remove active product data from the authoritative stores and retain only minimal hashed receipts where needed.

• Connector access logs record who or what requested data, what scopes were used, what was returned, and whether access was denied.
• Import, review, correction, approval, deletion, billing, and connector flows are treated as auditable events.
• Security events may be retained to protect accounts, investigate abuse, and satisfy legal obligations.

Send vulnerability reports or security concerns to admin@memrov.com with the subject line Security Report. Include affected URLs, steps to reproduce, impact, and your contact information.