Security

Privileged work stays on the backend.

The client guides the workflow, while Firebase-backed services remain authoritative for account access, entitlements, processing, connected stores, delivery, and billing.

ID

Authenticated access

Firebase Authentication establishes identity. Verified accounts, active profiles, workspace membership, and server checks protect scoped operations.

App integrity

Protected callable and HTTP surfaces use Firebase App Check, with production configured to fail closed rather than silently bypass checks.

Server-side providers

Privileged marketplace, billing, and AI-provider credentials stay on backend services rather than shipping inside the Android app.

🔑

Connected stores

OAuth state, connector capability epochs, workspace ownership, store scope, and live principal access are validated before token use.

URL

Short-lived delivery access

Processed assets exposed outside Firebase use bounded, short-lived signed URLs where transport access is required.

LOG

Diagnostics with restraint

Crash and operational diagnostics support reliability. Sensitive credentials and signed asset URLs are not intended for logs.

Shared responsibility

Secure operation also depends on the account owner.

Protect access

Keep devices and credentials secure, remove former workspace members, and disconnect stores you no longer control.

Report concerns

Send suspected account compromise, connector abuse, privacy incidents, or vulnerability reports to support@productagent.app.