Security
We follow a least-privilege model and store tokens securely. Clients can disconnect at any time, which revokes tokens and triggers deletion of related cached data.
Least-Privilege Access
- Only the scopes required for enabled features
- Per-client isolation
- Regular scope reviews
Token Handling
- Secure storage and rotation where applicable
- Immediate revocation on disconnect
- Restricted internal access
Data Retention
- Operational caches kept only as needed
- Deletion on disconnect or by request
- Log minimization & purging
Compliance
- Official APIs only; no scraping
- Platform policy alignment
- Clear user controls