Security

Security controls for website-change monitoring.

LynxSentinel is designed around tenant isolation, verified billing webhooks, safe outbound scraping, and secret-free operational practices.

Tenant isolation

Workspace membership is the access boundary. Dashboard and API projections only expose data for the active workspace.

Webhook integrity

Payment-provider webhooks are verified before they update billing truth, and repeated events are processed idempotently.

Scraping safeguards

Outbound fetches are limited to public HTTPS targets and protected against private-network access and unsafe URL handling.

Operational hygiene

Secrets live in environment variables, sensitive request data is scrubbed before error reporting, and production checks prevent missing critical configuration.