Security

Read-only revenue intelligence. No money movement.

MRR Pilot never moves money, creates charges, issues refunds, or changes your Stripe settings. It reads revenue data to generate metrics and actions.

Last updated: July 3, 2026

Least-privilege Stripe access

Founders can connect an existing Stripe account or use a restricted API key with read permissions. We recommend restricted read-only keys for beta accounts whenever OAuth availability creates friction.

Credential protection

Restricted credentials are encrypted at rest with server-side AES-256-GCM. Full credentials are never returned to the client, displayed in admin, included in logs, or sent to AI providers.

Server-side access controls

Clerk protects authentication boundaries. Database workspace membership, application roles, and subscription entitlements are checked on the server before sensitive records or actions are available. Admin routes require ADMIN or SUPER_ADMIN.

Auditability

Important account, integration, sync, billing, admin, AI, and Revenue Action events are written to audit or internal product-event records. Sensitive credentials are excluded.

Beta limitations

MRR Pilot does not currently claim SOC 2, ISO 27001, PCI DSS service provider certification, or comprehensive regulatory compliance. Security controls will continue to be reviewed before general availability.