ChannelScoutchannelscoutMy projects

Trust

Security

Last updated April 14, 2026

We take security seriously because you're trusting us with your product idea, brand voice, and go-to-market plan. This page describes the controls and practices currently in place at ChannelScout. It reflects the reality of a small, independent team. We've kept the stack simple on purpose so the attack surface is small.

Encryption

  • In transit. All traffic between your browser, our app, and our infrastructure runs over HTTPS with TLS 1.2 or higher.
  • At rest. Account and project data stored in Supabase is encrypted at rest using AES-256. Backups inherit the same encryption.
  • Secrets. API keys and service credentials are stored as encrypted environment variables, never committed to source control.

Authentication

  • Accounts use email magic-link authentication via Supabase Auth. No passwords are stored or transmitted by us.
  • Session tokens are HTTP-only, signed, and scoped to short lifetimes.
  • Row-level security in our database ensures each user can only read and modify their own projects.

Infrastructure

  • Hosting: Vercel (SOC 2 Type 2).
  • Database and auth: Supabase (SOC 2 Type 2, HIPAA available).
  • AI processing: Anthropic (SOC 2 Type 2). Anthropic does not train on API inputs or outputs.
  • Search:Serper for Scout's Hunt community queries.
  • Payments: Stripe (PCI DSS Level 1). We never see or store your full card number.

Access controls

  • Principle of least privilege. Only the people who need production access have it.
  • Multi-factor authentication required on all admin accounts and hosting providers.
  • Access to customer data is logged and reviewed.

AI data handling

Your project inputs are sent to Anthropic's Claude API to generate the Launch Blueprint and power Scout chat. Under our API agreement with Anthropic:

  • Inputs and outputs are not used to train Anthropic's models.
  • Data is retained by Anthropic only as long as needed for abuse monitoring, then deleted.

We recommend not pasting trade secrets, credentials, or regulated data (PHI, financial records) into ChannelScout.

Backups and availability

  • Supabase runs automated daily backups of the production database.
  • Vercel provides global CDN delivery and automatic failover.
  • Service status and planned maintenance are communicated via email for paid users.

Incident response

If we detect or are notified of a security incident affecting your data, we'll investigate, contain, and notify affected users within 72 hours of confirming the incident, along with what happened, what we're doing about it, and any action you should take.

Responsible disclosure

If you believe you've found a security vulnerability in ChannelScout, please report it to scout@adventure-seeker.com with details and steps to reproduce. Please do not publicly disclose the issue until we've had a reasonable chance to fix it. We'll respond within 5 business days, keep you updated, and credit you in any public fix notes if you'd like.

What we don't do (yet)

We're a small independent team and we want to be upfront about what's not in place:

  • No SOC 2 report of our own (we inherit our providers' compliance).
  • No SSO/SAML for enterprise accounts yet.
  • No formal penetration testing. Planned as we scale.

If your organization needs one of these before trying ChannelScout, email us and we'll discuss.

Contact

Adventure Seekers LLC
Illinois, United States
scout@adventure-seeker.com