Security
Security controls for a sensitive workflow.
FollowerSpike handles identity, billing, AI output, and LinkedIn session material as sensitive data.
Last updated: May 15, 2026
Encrypted Sessions
LinkedIn session payloads are encrypted server-side with AES-256-GCM and are never exposed to client components.
Least Privilege
User-facing reads and writes go through Supabase RLS. Subscription, webhook, audit lead, and automation log writes use service-role code paths only.
Verified Integrations
Razorpay and QStash requests are verified before processing. Worker dispatch payloads are signed with a shared secret.
Audit Trail
Every attempted, skipped, paused, failed, and successful automation action is stored with a reason code and timestamp.
FollowerSpike is not affiliated with, endorsed by, or certified by LinkedIn. Automation carries platform risk; FollowerSpike is designed with consent, review, rate limits, and pause controls to reduce that risk.