Menu
Build
Security & privacy
Private water only works if landowners, members, and conservation-sensitive places are protected. Those promises are enforced at the API boundary — not left to callers.
What the API never returns
- Exact GPS coordinates, gate codes, or access instructions.
- Landowner identities, contact details, or lease/financial terms.
- Club member rosters or member PII.
- Bookings, payments, payouts, or reservation history.
- Guide credential documents or background-check state.
- Internal notes and any conservation-sensitive location data.
Approximate coordinates
Property coordinates are deterministically jittered within a 2 km radius for public consumers, and the response is stamped coordinates_precision: "approximate". Exact locations are reserved for confirmed, authorized contexts inside the product — never the public API.
How it's enforced
Reads run against curated, column-limited projections (published properties only, live and background-checked guides only, public SQL views for guide and availability data). A build-time test asserts no sensitive column can enter a public allowlist, so a careless change fails CI rather than leaking data.
Key handling
Treat keys like passwords: keep them server-side, never in client bundles or mobile apps you ship. Rotate regularly and revoke immediately if exposed. We store only a hash of each secret, so we can never email it back to you — create a new one instead.
Report a vulnerability