Can other users see my data?

No. Your Search Console data, OAuth tokens, MCP sessions, archive, and tool call history are all isolated to your user account in our database. Every query passes through bearer-token authentication that resolves to a specific user, and every database query scopes results by user_id. There is no UI, API endpoint, or feature that exposes one user's data to another user.

This isolation is enforced at multiple layers: row-level filtering in every Postgres query, application-layer middleware that fails closed if user_id is missing from a request, and rate limits scoped per-user so one user's traffic cannot affect another's quota. The Personal Archive uses partitioned tables but the partition key is date, not user - rows from all users coexist physically but are filtered logically by user_id on every read.

The one exception is the operator (us). We may access your data for support, debugging, abuse investigation, or aggregate analysis - and every operator access is written to an audit log. This is documented transparently in our Privacy Policy. We never share, sell, or use your data for AI training. If you delete your account, your data is hard-deleted within 30 days of the request.