Your accounts, your data, your consent.
An agent that acts on directories on your behalf has to be trustworthy by construction. Here's exactly how we handle your accounts, credentials, and data — and what we deliberately don't do.
For directories that need an account, the agent acts with your explicit consent using your own credentials. We never claim your identity without authorization, and you keep ownership of every account.
Any secret you entrust to the agent is encrypted before storage. Managed-identity email aliases route through a verified domain so you don't have to hand over your primary inbox.
Where a site uses a CAPTCHA, anti-bot wall, or a community mechanic, the agent stops and hands you a guided, pre-filled step. We don't defeat protections a site put up on purpose.
Every submission is screenshotted — the filled form and the result — so there's a verifiable record of exactly what was sent, and we re-verify a listing before calling it live.
The application runs on Vercel; data is stored in Supabase (PostgreSQL with row-level security). Payments are processed by Stripe — we never see or store your card details.
Found a security issue? Email contact@startupamplify.com with details and we'll respond. We appreciate responsible disclosure and won't pursue good-faith researchers.
What we don't claim: we don't hold SOC 2, ISO, or other formal certifications, and we won't pretend to. If and when we pursue them, we'll say so here with dates — not before.