Security
How we protect your data.
Security is a core part of how ScoutGol is built, not an afterthought. Here is a clear, honest explanation of how we protect your account and data.
Infrastructure
ScoutGol runs on Supabase, a platform built on PostgreSQL with enterprise-grade security. All data is encrypted at rest, and in transit using TLS. Our application is protected by Cloudflare, which provides DDoS protection, a web application firewall, and a global CDN.
Database Security
We use Supabase Row-Level Security (RLS) on every table. This means users can only access their own data — even if a query is somehow misdirected, the database enforces access at the row level. Users cannot modify their subscription plan directly — plan changes require server-side verification.
Authentication
Authentication is handled by Supabase Auth with email confirmation required on signup. Passwords are never stored in plain text. Session tokens are short-lived and stored securely.
AI Processing
Search queries are sent to the Anthropic API to generate scout reports and analyse search intent. Anthropic does not use API data for model training. We send only the search query and relevant player stats — no personal user data is included in AI requests.
Payment Security
ScoutGol does not store any payment card information. All payments are processed by Paddle, which acts as Merchant of Record and maintains PCI-DSS compliance.
What We Don't Do
We do not sell your data. We do not run advertising. We do not track you across other websites. We do not store your password in plain text. We do not give third parties access to your personal data except as described in our Privacy Policy.
Responsible Disclosure
If you believe you have found a security vulnerability in ScoutGol, please report it responsibly to hello@scoutgol.com with the subject line 'Security Disclosure'. We will acknowledge receipt within 48 hours and work to address valid issues promptly.