Security & data

Your accounts, your data, your consent.

An agent that acts on directories on your behalf has to be trustworthy by construction. Here's exactly how we handle your accounts, credentials, and data — and what we deliberately don't do.

Your accounts stay yours

For directories that need an account, the agent acts with your explicit consent using your own credentials. We never claim your identity without authorization, and you keep ownership of every account.

Credentials are encrypted at rest

Any secret you entrust to the agent is encrypted before storage. Managed-identity email aliases route through a verified domain so you don't have to hand over your primary inbox.

No CAPTCHA bypassing, ever

Where a site uses a CAPTCHA, anti-bot wall, or a community mechanic, the agent stops and hands you a guided, pre-filled step. We don't defeat protections a site put up on purpose.

Evidence, not a black box

Every submission is screenshotted — the filled form and the result — so there's a verifiable record of exactly what was sent, and we re-verify a listing before calling it live.

Where your data lives

The application runs on Vercel; data is stored in Supabase (PostgreSQL with row-level security). Payments are processed by Stripe — we never see or store your card details.

Reporting a vulnerability

Found a security issue? Email contact@startupamplify.com with details and we'll respond. We appreciate responsible disclosure and won't pursue good-faith researchers.

What we don't claim: we don't hold SOC 2, ISO, or other formal certifications, and we won't pretend to. If and when we pursue them, we'll say so here with dates — not before.