Credential Management
How ReviewMob protects your app store credentials and keeps your data safe.
Your credentials are safe with us
Security is not an afterthought at ReviewMob. Your app store credentials are the keys to your business, and we treat them accordingly. Every credential you upload is encrypted before it ever touches our database, and our architecture is designed so that even we cannot read your raw keys.
AES-256-CBC encryption
All credentials are encrypted at rest using AES-256-CBC, the same encryption standard used by banks and government agencies worldwide. No practical attack against the AES-256 cipher itself is known. Each credential is encrypted with its own unique initialization vector (IV), so even identical credentials produce completely different encrypted outputs. The encryption key is stored separately from your data, as an environment variable, and never in the database itself.
Organization-level isolation
Every organization's data is completely isolated using Supabase Row-Level Security (RLS) policies enforced at the database level. This means one organization can never access another organization's credentials, reviews, or settings, even if there were a bug in our application code. The database itself enforces these boundaries.
Zero credential exposure
Your raw credentials are never sent to the browser or included in API responses. When you view your connections in the dashboard, you only see that a credential is connected, never the credential itself. Credentials are only ever decrypted server-side at the moment they are needed to sync your reviews, and they are immediately discarded from memory after use.
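The following Node.js code is an added example, not ReviewMob's own implementation: it shows AES-256-CBC with a fresh IV per credential, and server-side decryption that wipes the plaintext buffer after use. The names CREDENTIAL_KEY_HEX, sealCredential and withCredential, the row layout, and the HMAC-SHA256 tag bound to the organization id (included because CBC on its own does not detect tampering) are assumptions that this page does not describe.

```javascript
// Added example; CREDENTIAL_KEY_HEX, sealCredential, withCredential and the row layout are hypothetical.
const nodeCrypto = require('node:crypto');

// Constructed demo key as a fallback; a real deployment reads the 32-byte key only from the environment.
const master = Buffer.from(process.env.CREDENTIAL_KEY_HEX || '11'.repeat(32), 'hex');
if (master.length !== 32) throw new Error('master key must be 32 bytes');

// Independent subkeys for encryption and for the integrity tag (assumption: HKDF-SHA256).
const subkey = (label) => Buffer.from(nodeCrypto.hkdfSync('sha256', master, Buffer.alloc(0), label, 32));
const encKey = subkey('credential-enc');
const macKey = subkey('credential-mac');

// The tag covers org id, IV and ciphertext, so an altered row or one copied to another org is rejected.
function tag(orgId, iv, ct) {
  return nodeCrypto.createHmac('sha256', macKey).update(orgId).update('\0').update(iv).update(ct).digest();
}

function sealCredential(orgId, secret) {
  const iv = nodeCrypto.randomBytes(16); // fresh random IV for every credential
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return { orgId, iv: iv.toString('base64'), ct: ct.toString('base64'), mac: tag(orgId, iv, ct).toString('base64') };
}

// Decrypts server-side, passes the plaintext Buffer to `use`, then zeroes it.
// Strings that `use` creates from the Buffer are outside this function's control and cannot be wiped.
function withCredential(row, use) {
  const iv = Buffer.from(row.iv, 'base64');
  const ct = Buffer.from(row.ct, 'base64');
  const mac = Buffer.from(row.mac, 'base64');
  const expected = tag(row.orgId, iv, ct);
  if (mac.length !== expected.length || !nodeCrypto.timingSafeEqual(mac, expected)) {
    throw new Error('credential record failed integrity check');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  const parts = [decipher.update(ct), decipher.final()];
  const plain = Buffer.concat(parts);
  parts.forEach((p) => p.fill(0)); // wipe the intermediate copies as well
  try {
    return use(plain);
  } finally {
    plain.fill(0);
  }
}
```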
Role-based access control
Only workspace Owners and Admins can view or manage credential connections. Regular team members can use the platform to read and reply to reviews, but they cannot see, modify, or delete any app store credentials. This gives you full control over who has access to your sensitive configuration.
Rotating and updating credentials
If you need to rotate your credentials (for example, if a team member leaves your company or if a key expires), go to Settings > Connections, select the platform, and upload new credentials. The old credentials are immediately and permanently replaced. There is no credential history, so old keys cannot be recovered once replaced.
Removing a connection
To disconnect a platform, go to Settings > Connections and click "Remove" next to the connection. This permanently deletes the stored credential and stops review syncing for that platform. Your existing reviews are preserved, but no new reviews will be fetched.
Removing a connection permanently deletes the credential and stops all syncing for that platform. You will not receive new reviews until you reconnect.
Security at a glance
AES-256-CBC encryption at rest for all credentials
Unique initialization vector (IV) per credential
Encryption keys stored separately from data
Row-Level Security isolating each organization
Credentials never exposed in browser or API responses
Server-side decryption only when needed, then discarded
Role-based access: only Owners and Admins can manage credentials
Immediate permanent replacement on credential rotation
No credential history or logs of raw keys