Security
Security controls for renewal operations data, sessions, billing, and support workflows.
InstaRenewal is designed for operational renewal data, not password or secret-key storage.
Authentication and sessions
InstaRenewal uses custom email/password authentication, password hashing, HTTP-only session cookies, and Redis-backed session storage.
Tenant isolation and database safety
Workspace records are scoped by workspace ID. Database access uses raw SQL with parameterized queries rather than interpolating user input into SQL strings.
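The difference between the two query styles named above, as an added example that is not InstaRenewal's code: the `renewals` table, its columns, the function names and the sample rows are assumptions, and SQLite stands in for the production database.

```python
import sqlite3

def make_db():
    """Constructed sample data: two workspaces sharing one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE renewals ("
               "id INTEGER PRIMARY KEY, workspace_id TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO renewals (workspace_id, name) VALUES (?, ?)",
        [("ws_a", "example.com domain"),
         ("ws_b", "TLS certificate"),
         ("ws_a", "SaaS licence")],
    )
    return db

def search_interpolated(db, workspace_id, term):
    """Anti-pattern: user input becomes part of the SQL text itself."""
    sql = (f"SELECT name FROM renewals WHERE workspace_id = '{workspace_id}' "
           f"AND name LIKE '%{term}%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, workspace_id, term):
    """Workspace scope and search term are both bound as parameters,
    so the term is only ever compared as data, never parsed as SQL."""
    sql = ("SELECT name FROM renewals "
           "WHERE workspace_id = ? AND name LIKE ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (workspace_id, f"%{term}%"))]

# Constructed hostile search input: closes the string literal and
# appends a condition that is always true.
HOSTILE_TERM = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    # Interpolated form: the workspace filter is bypassed, ws_b's row leaks.
    print("interpolated :", search_interpolated(db, "ws_a", HOSTILE_TERM))
    # Parameterized form: the same input matches nothing.
    print("parameterized:", search_parameterized(db, "ws_a", HOSTILE_TERM))
    # Normal use stays inside the caller's workspace.
    print("normal search:", search_parameterized(db, "ws_a", "domain"))
```

In the parameterized form, `%` and `_` inside the term still act as `LIKE` wildcards, but only over rows of the bound workspace.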
Rate limits and audit logs
Login, signup, password reset, email verification, API writes, jobs, and contact submissions are rate-limited. Important account, billing, workflow, and contact events are stored for operational review.
Email, billing, and secrets policy
Transactional email runs through Resend. Billing runs through Polar so InstaRenewal does not directly handle payment card details. Users should not store passwords, private keys, API secrets, or client credentials in notes or asset fields.
Backups, headers, and reporting
Backup procedures and security headers are maintained as part of the production operating baseline. Vulnerability reports can be sent through the contact page using the Security topic or to alerts@instarenewal.com.
Admin access
Administrative access is restricted to founder and support operations with audit logging and separate controls from normal workspace access.