Security Center

Security

We handle accounts, test requests, and business data through a minimal-exposure, server-controlled architecture so the brand-audit workflow stays controlled, auditable, and maintainable.

Last updated: 2026-04-16

Data scope

GiuGEO currently handles four main categories of data: registration details, test-form inputs, generated test records, and essential contact information for business follow-up. These data are used only to create accounts, generate visibility diagnostics, preserve history, and handle consultation requests.

We do not expose model keys or backend credentials in the frontend. Authentication, quota checks, test execution, and result persistence all run on the server side.

Account and access control

Users authenticate with email and password. The frontend relies on Supabase session state, and the backend performs a second validation of the Bearer token. Test results, history, and lead-contact endpoints are all tied to the current user identity to prevent unauthorized access.

The internal dashboard is additionally protected by an admin-email allowlist, so regular users cannot access aggregated admin data directly.
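
The three checks described in this section (backend re-validation of the Bearer token, records tied to the current user, and the admin-email allowlist) can be sketched as follows. This is an added example, not GiuGEO's code: it assumes an HS256-signed session token carrying `sub`, `email` and `exp` claims, and every function name, the secret and the allowlist entry are hypothetical.

```python
import base64, hashlib, hmac, json, time

ADMIN_EMAILS = {"ops@example.com"}  # constructed allowlist, stored lower-cased

def _unb64(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def mint_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Sample-data helper: build a token the way an HS256 issuer would."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(secret, head + '.' + body))}"

def verify_bearer(authorization: str, secret: bytes, now=None) -> dict:
    """Server-side re-validation: return the claims or raise PermissionError."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise PermissionError("malformed Authorization header")
    head, body, sig = token.split(".")
    try:
        header = json.loads(_unb64(head))
        sig_ok = hmac.compare_digest(_mac(secret, f"{head}.{body}"), _unb64(sig))
        # Pin the algorithm: never let the token's own header choose it.
        if not (isinstance(header, dict) and header.get("alg") == "HS256" and sig_ok):
            raise PermissionError("bad algorithm or signature")
        claims = json.loads(_unb64(body))  # parsed only after the signature holds
    except ValueError:
        raise PermissionError("undecodable token") from None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise PermissionError("expired or missing exp")
    return claims

def can_read(claims: dict, record: dict) -> bool:
    """Object-level check: a record is visible only to the user who owns it."""
    return bool(claims.get("sub")) and record.get("owner_id") == claims["sub"]

def is_admin(claims: dict) -> bool:
    """Dashboard gate: the verified email must be on the allowlist."""
    return str(claims.get("email", "")).lower() in ADMIN_EMAILS
```

The owner and admin decisions take only claims returned by `verify_bearer`, so a user id or email supplied elsewhere in the request never influences them.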

Transport and storage security

Production deployments should run entirely over HTTPS so browser-to-frontend and frontend-to-API traffic remain encrypted. Test requests, lead submissions, and result lookups should all travel through encrypted channels.

Business data is stored in a controlled database environment, and model invocation plus result generation are orchestrated by the backend. We keep only the data required to run the product and support customers, and we do not persist sensitive service credentials in the client.

Reporting security issues

If you discover an issue related to account security, access control, or data exposure, please contact your business representative or the official support channel as soon as possible. We will review, respond, and update status promptly after confirmation.