Security
Metricgram uses layered security controls to protect Telegram community data, account access, payment workflows, and integrations.
Encrypted sensitive fields
Advanced Telegram extraction credentials are encrypted with Rails encrypted attributes.
Signed webhooks
Stripe webhook signatures are verified before payment events are trusted.
Access controls
Role, plan, group, and impersonation protections limit who can access or change data.
Account protection
Metricgram uses Devise authentication, email confirmation, password reset flows, Google OAuth, reCAPTCHA controls, and session protections to reduce account abuse.
Application and integration security
Production runs over HTTPS. Stripe webhooks are signature-verified, Telegram webhook URLs use secret tokens, and sensitive parameters are filtered from logs.
Admin impersonation is restricted so testing does not silently modify customer data.
Operational safeguards
The product uses background jobs, monitoring-friendly logs, database constraints, and role-aware dashboards to keep community workflows reliable.
No internet service can guarantee perfect security, but we treat reported vulnerabilities and suspicious account activity as urgent operational issues.
Questions or data requests
Contact Metricgram at info@metricgram.com