Security & Trust

Authentication

• • Clerk-managed authentication with signed JWT validation.
• • Protected API routes require valid bearer tokens.
• • Production CORS allowlist enforced by backend configuration.

Billing Integrity

• • Stripe webhook signature verification is enabled in production.
• • Idempotency table (`processed_stripe_events`) prevents duplicate credit grants.
• • Failed evaluations automatically refund deducted credits.

Operational Reliability

• • Health and readiness endpoints are available for uptime monitoring.
• • Request tracing adds `X-Request-ID` for faster debugging.
• • Launch runbooks cover incident response, rollback, and production freeze controls.

Support

For security or account concerns, contact support@squaloai.com.