Security

Security Built into Every Layer

Your monitoring data is sensitive -- it reveals your site structure, your assets, and your vulnerabilities. Sitewatch treats it that way. Firebase Authentication, strict Firestore security rules, workspace-scoped access control, and encrypted storage protect your data at every layer of the stack.

  • Firebase Authentication with workspace-scoped access rules
  • Strict tenant data isolation enforced by Firestore security rules
  • AES-256 encryption at rest, TLS in transit, secure alert delivery

How we protect your data

Security practices at Sitewatch

Firebase Authentication

Every request is authenticated through Firebase Authentication. Cloud Functions use authorization helpers (assertAuthed, assertWorkspaceAdmin) to verify identity and permissions before processing any action.

Firestore security rules

Strict Firestore security rules enforce tenant-level access control at the database layer. Users can only read and write data that belongs to their own workspace -- even if application logic has a bug.

Workspace-scoped isolation

Each workspace operates in a logically isolated data partition. There is no shared state between tenants. Access is scoped to the workspace level, eliminating cross-tenant data leakage.

Encrypted storage

All data is encrypted at rest using AES-256 (Google Cloud Firestore default) and in transit using TLS. No customer credentials are stored.

Secure alert delivery

Slack alerts are delivered via authenticated webhook over HTTPS. Email alerts are sent through Resend with DKIM and SPF validation. All alert channels use encrypted transport.

Designed with SOC 2 principles

Sitewatch is designed with SOC 2 control principles in mind, including access logging, change management, and incident response procedures. Formal certification is on our roadmap.

  • AES-256: Encryption at rest
  • TLS: Encryption in transit
  • Firestore: Security rules

All monitoring data is encrypted at rest and in transit. No customer credentials are stored.

Defense in depth

How Sitewatch secures your data

01. Authenticated access

Every request is authenticated through Firebase Authentication. Cloud Functions verify the caller's identity and workspace membership before processing any action.

02. Authorization enforcement

Cloud Functions use authorization helpers (assertAuthed, assertWorkspaceAdmin) to enforce role-based access. Workspace-scoped rules ensure users can only access their own data.

03. Isolated data storage

Firestore security rules enforce strict tenant boundaries at the database layer. Even if application logic has a bug, the database rejects unauthorized cross-workspace access.

04. Verified alert delivery

Outbound alerts are delivered over encrypted channels: authenticated Slack webhooks over HTTPS, and email via Resend with DKIM/SPF validation.
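
The access layers above authenticate the caller first and then check the workspace role before any action runs. A minimal sketch of that check order, as an added example that is not Sitewatch's code: only the helper names assertAuthed and assertWorkspaceAdmin come from this page, while their signatures, the ctx shape, the in-memory MEMBERS roster, deleteMonitor and attempt are assumptions.

```javascript
// Added illustration, not Sitewatch's code. Only the helper names come from
// the page; signatures, ctx shape and the roster below are assumptions.
class AuthzError extends Error {
  constructor(code, message) { super(message); this.code = code; }
}

// Constructed sample roster standing in for server-side membership records.
const MEMBERS = {
  "ws-alpha": { "uid-ann": "admin", "uid-bob": "member" },
  "ws-beta": { "uid-cat": "admin" },
};

// Own-property lookup so keys like "__proto__" never resolve to inherited values.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Layer 1: the caller must carry a verified identity.
function assertAuthed(ctx) {
  const uid = ctx && ctx.auth && ctx.auth.uid;
  if (typeof uid !== "string" || uid === "") {
    throw new AuthzError("unauthenticated", "sign-in required");
  }
  return uid;
}

// Layer 2: the role is looked up server-side from the verified uid and the
// requested workspace; nothing the client claims about its role is trusted.
function assertWorkspaceAdmin(ctx, workspaceId, members = MEMBERS) {
  const uid = assertAuthed(ctx);
  const role = own(own(members, String(workspaceId)) || {}, uid);
  if (role !== "admin") {
    throw new AuthzError("permission-denied", "workspace admin required");
  }
  return { uid, workspaceId, role };
}

// Hypothetical privileged action: checks run before any work is done.
function deleteMonitor(ctx, data) {
  const req = data || {};
  const { workspaceId } = assertWorkspaceAdmin(ctx, req.workspaceId);
  return `deleted ${workspaceId}/${req.monitorId}`;
}

// Returns the action result, or the authorization error code on denial.
function attempt(ctx, data) {
  try { return deleteMonitor(ctx, data); }
  catch (e) { if (e instanceof AuthzError) return e.code; throw e; }
}
```

An admin of one workspace is denied in another, and a role field sent in the request body has no effect because the role is never read from client input.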

Your monitoring data deserves real protection

Firebase Auth, Firestore security rules, workspace isolation, and encrypted storage -- from day one, on every plan.

FAQ

Security frequently asked questions