Trust & Legal

Security

Metricgram uses layered security controls to protect Telegram community data, account access, payment workflows, and integrations.

Encrypted sensitive fields

Advanced Telegram extraction credentials are encrypted with Rails encrypted attributes.

Signed webhooks

Stripe webhook signatures are verified before payment events are trusted.

Access controls

Role, plan, group, and impersonation protections limit who can access or change data.

Account protection

Metricgram uses Devise authentication, email confirmation, password reset flows, Google OAuth, reCAPTCHA controls, and session protections to reduce account abuse.

Application and integration security

Production runs over HTTPS. Stripe webhooks are signature-verified, Telegram webhook URLs use secret tokens, and sensitive parameters are filtered from logs.

Admin impersonation is restricted so testing does not silently modify customer data.

Operational safeguards

The product uses background jobs, monitoring-friendly logs, database constraints, and role-aware dashboards to keep community workflows reliable.

No internet service can guarantee perfect security, but we treat reported vulnerabilities and suspicious account activity as urgent operational issues.

Security controls in practice

Identity and access

  • Email confirmation, password reset flows, Google OAuth, and session controls protect account access.
  • Plan, role, group, and impersonation checks limit access to workspace data and risky actions.

Integration boundaries

  • Stripe events are accepted only after signature verification.
  • Telegram webhook URLs use secret tokens, and advanced extraction credentials are encrypted at rest.

Operational handling

  • Sensitive parameters are filtered from logs and production traffic runs over HTTPS.
  • Background jobs, database constraints, and monitoring-friendly logs support reliable incident investigation.

Customer responsibilities

  • Group owners should give bot permissions deliberately and review connected Stripe products.
  • Users should protect their email, Google, Telegram, and Stripe accounts with strong authentication.

Questions or data requests

Contact Metricgram at info@metricgram.com

More trust pages

Trust center Privacy Policy Cookie Policy GDPR Data processing Subprocessors Responsible disclosure Terms of use Imprint