Searchore public information
Security starts with clear data and access boundaries
Searchore separates the public website from authenticated workspaces and treats credentials, permissions, and public-data scope as product and operational boundaries. Enterprise requirements can be reviewed before engagement.
Separate public pages and customer workspaces
Public marketing content can be accessed and cached normally. Customer workspaces, administration pages, and related interfaces require appropriate access and are not public search content.
Keep credentials out of content and support messages
API keys, passwords, cookies, authorization headers, and other secrets should not appear on public pages, in examples, log summaries, or ordinary support email.
- Do not email production credentials
- Rotate a secret promptly after exposure
- Give necessary access only to authorized people
Report a security concern
Send reproducible steps and expected impact to [email protected]. Do not include unrelated personal data in a security report.