Effective 19 June 2026
We treat the data you trust us with as our own. Here is exactly how Measure is built to keep it safe.
The application runs on Vercel’s global edge network. Your data lives in a managed Postgres database provided by Supabase on Amazon Web Services, with background processing on Railway. Traffic is encrypted in transit with TLS, and data is encrypted at rest by our infrastructure providers.
Every workspace is isolated by row-level security in the database, so one customer can never see another’s data. Internal access is limited to the staff who need it to operate and support the service, authenticated individually, and privileged keys are kept server-side and out of the browser bundle. Secrets are stored in our hosting provider’s encrypted environment, never in source control.
Measure measures the public answers that AI engines give — it does not feed your private data into them. The one model we run on your behalf, Anthropic’s Claude (for topic suggestions and the Copilot), processes requests to return a result and does not train on your data. We never train any model on your private workspace content, and we never sell your data.
Connecting Google is optional. When you do, we request read-only scopes, store the OAuth token encrypted, and use it only to fetch the metrics that power your dashboards. You can disconnect at any time from your settings or your Google account, which revokes our access immediately.
We use strictly-necessary cookies to keep you signed in and the service secure, and — with consent where required — product analytics to improve the service. You stay in control through your browser and our cookie settings.
Everything you may need for a vendor or security review is published and linked from one place:
If you believe you have found a security issue, please email hello@measure.co with the details. We investigate every report, act on confirmed issues quickly, and — where a breach affects personal data — notify affected customers and the relevant authority within 72 hours as required by law.
Larger teams can request a counter-signed DPA, completed security questionnaires, and a discussion of data residency or specific sub-processor requirements. Reach us at hello@measure.co.