PicoRank PicoRank
Log in Try PicoRank free

How PicoRank protects your account and data

Last updated: July 2026

Written in plain English on purpose. If anything here is unclear, ask us via the contact page and we'll clarify — and if we change these documents, the date above changes with them.

PicoRank stores rankings and site-audit data — not state secrets — but we treat your account and your data with the same care either way. This page describes, concretely, how.

Transport & infrastructure

  • All traffic to PicoRank — this site, the app, and our APIs — is encrypted with TLS (HTTPS). Plain HTTP redirects to HTTPS.
  • The service runs on established cloud providers: application hosting on Render, database and authentication on Supabase (PostgreSQL), email delivery via Resend, payments via Stripe.

Account security

  • Authentication is handled by Supabase Auth using the modern PKCE OAuth flow; passwords are stored hashed by the auth provider — we never see or store them in plain text.
  • Google sign-in is available if you prefer not to have a password at all.
  • Password-reset and verification emails come from mail.picorank.com, authenticated with SPF and DKIM.

Data isolation

  • Every customer's data is tenant-scoped and protected by database row-level security — isolation is enforced by the database itself, not just by application code, and we run automated tests that prove one tenant cannot read another's rows.
  • Administrative access to production data is limited, logged, and audited.

Third-party access

  • Google Search Console and GA4 integrations are read-only and optional. OAuth tokens are stored server-side only, encrypted, and are deleted when you disconnect.
  • Payments are processed by Stripe; card numbers never touch PicoRank's servers.

Your controls

  • Export your ranking data as CSV anytime.
  • Disconnect integrations from the app, or revoke them from your Google account directly.
  • Request account deletion via contact — see the privacy policy for retention details.

Reporting a vulnerability

Found something? Please email security@picorank.com with details and steps to reproduce. We read these promptly, we won't take legal action against good-faith research, and we'll credit you if you'd like (we don't run a paid bounty program).