Last updated: July 1, 2026
Reporting security issues
If you believe you have found a security vulnerability in Gluedly, report it privately. Include reproduction steps, affected URLs, account identifiers (if relevant), timestamps, and screenshots where helpful.
Contact: [email protected]
Do not access data that is not yours. Do not run large-scale automated security scans against production without prior written agreement.
Platform security controls
- Password hashing, session hardening, and optional two-factor authentication for accounts.
- Scoped API keys with expiry, labels, and usage metadata where enabled.
- Administrative role separation for operator consoles.
- TLS termination at the deployment boundary (HTTPS via load balancer or reverse proxy).
- Per-account concurrency gates and RabbitMQ queue isolation to limit cross-tenant job interference.
- Encrypted transport to proxy and extraction subprocessors; secrets stored outside source control.
Scrape output and integrations
Structured JSON delivered via API or webhooks should be treated as confidential. Rotate API keys after personnel changes, restrict webhook endpoints to HTTPS, and validate payloads before forwarding to downstream systems.
Your responsibilities
Protect passwords and API keys, enable two-factor authentication on sensitive accounts, scrape only targets you are authorized to access, and patch your integrations when we publish security advisories.