Security

We never set cookies or use browser fingerprinting. Unique visitors are identified by a daily-rotating hash of IP + User-Agent.

Every database table is protected by workspace-scoped RLS policies. Your data is isolated from other tenants.

Form embeds use short-lived HMAC tokens validated at the edge. Origin allowlists prevent unauthorized usage.

All ingestion runs on Cloudflare Workers — no single point of failure, sub-100ms globally.