Security & Privacy
Align the public widget and API surface with your auth perimeter, consent model, and trust boundaries.
These pages cover the public trust boundary.
Read this section before broader rollout if:
- your product already uses JWTs and you need survey traffic to honor that
- responses must attach to known identities
- consent or regional policy affects analytics or storage behavior
- you want a clear model for what the public API key does and does not protect
In this section
These pages explain the public trust boundary: auth, consent, and what the client surface should expose.
JWT Auth
Require public widget and API traffic to carry the same signed tokens your app already trusts.
Widget Security Model
Understand what the public API key does, where auth fits, and how browser installs stay inside the trust boundary.
Compliance & Consent
Control non-essential scopes like analytics and storage without blocking response collection itself.