Security Overview

Customerscor aims to follow a practical, layered security model: separate high-risk access paths, reduce unnecessary exposure, log sensitive actions where appropriate, and keep security decisions aligned with actual platform behavior rather than marketing claims.

No internet-connected system is risk free, and Customerscor does not guarantee absolute security. The goal is reasonable, evolving protection appropriate to the size and nature of the service.

Customerscor aims to restrict sensitive actions to the smallest practical set of authorized access paths.

Higher-risk operational tooling may be subject to additional review, checks, logging, and approval controls designed to preserve accountability.

Normal account creation and password reset flows use email verification or recovery links together with a stronger password policy. The product also supports a remember-me flow for trusted devices.

Customers are responsible for choosing strong passwords, protecting endpoints, controlling who may access a workspace, and promptly revoking access that is no longer needed.

Customerscor includes inactivity-aware session protection and logout behavior intended to reduce the risk of abandoned sessions remaining active on unattended devices.

Essential cookies and local storage are used for session persistence, security timing, and interface preferences. These controls are described further in the Cookie Notice.

Security-related events and sensitive operational actions may be logged to support review, accountability, and incident investigation.

Customerscor aims to avoid exposing higher-risk capabilities inside normal customer-facing workspace flows.

Customerscor relies on environment-based secrets, customer-configured API keys, and third-party services such as Supabase, Stripe, Resend, and Slack. Customerscor aims to keep those credentials out of public UI where they are not needed.

Customers remain responsible for supplying correct credentials, rotating them when required, limiting who can view them, and securing the third-party accounts they connect to Customerscor.

If Customerscor becomes aware of a confirmed security issue affecting systems under its control, Customerscor aims to investigate, contain, and communicate appropriately based on the facts, affected systems, customer impact, and applicable law.

Security reports, responsible-disclosure messages, and operational concerns may be sent to privacy@customerscor.com or hello@customerscor.com. Public security-disclosure details may also be published through the contact and policy routes provided on this site.

Security is shared between Customerscor, its infrastructure providers, and customers. Customerscor is responsible for operating the hosted software and its internal access model. Customers are responsible for their endpoint security, user provisioning, lawful data use, sender configuration, and the content or recipients of communications sent through the platform.