Built to protect your data by default.

DiscoveredBy is an internet-facing product, so security is the first consideration in every change, not an afterthought.

Access control

  • Role-based access control is enforced on every API endpoint. Authentication alone is never enough.
  • Strict tenant isolation: you can only ever read or change data in your own projects.
  • Default-deny: if access isn’t explicitly granted, it’s refused.

Data protection

  • All traffic is encrypted in transit over HTTPS.
  • Session cookies are set http-only, secure, and same-site to guard against theft and CSRF.
  • We never sell your data, and we don’t share it between accounts.

Infrastructure

  • Database access uses fully parameterized queries: no string-built SQL, so no injection.
  • Google integrations request least-privilege, read-only scopes for Search Console and Analytics.
  • Every request body and parameter is validated against a strict schema before it’s processed.

Privacy

  • Secrets, tokens, and full personal data are kept out of logs.
  • Internal errors and stack traces are never leaked to clients.
  • We collect only what’s needed to monitor your AI visibility.

Questions about security?

Reach out any time at hello@discoveredby.ai.

Start Free

Start monitoring your AI visibility.

See how AI search engines talk about your brand.

Free to start. No credit card required.