Protected account areas
Dashboard, submissions, API keys, and import review routes are protected behind authentication and role checks before private or administrative data is shown.
Security
Security and reporting
This page summarizes the controls that matter before using accounts, submissions, and catalog workflows in the English launch.
Review before publication
Submitted and imported tools do not automatically become verified public recommendations. Review state and trust signals are intentionally separated.
Practical security posture
Qaranly describes current controls without overstating guarantees. Production readiness also depends on configured environment variables, email, analytics, and Supabase drift checks.
Vulnerability reports
Send security concerns to security@qaranly.com with the affected route, impact, and reproduction details. Avoid destructive testing against production data.