Security

Data is encrypted in transit using TLS. Data at rest is encrypted by our database and storage providers.

Every table is protected by row-level security. Access policies ensure a business owner can read and write only their own data. Public lead forms expose only the limited fields needed to submit an inquiry.

We support password, email OTP, phone OTP, and OAuth sign-in through our authentication provider. Passwords must meet strength requirements, and sessions are managed with secure, HTTP-only cookies.

Authentication and public lead submissions are rate-limited. Optional bot protection can be enabled on public forms. Sensitive errors are not exposed to end users.

Application access uses scoped, per-user credentials rather than privileged keys. Administrative keys are kept server-side and out of version control.

If you believe you have found a security vulnerability, please report it privately to support@metamorp.live before disclosing it publicly. We will acknowledge your report and work to address valid issues promptly.