Security Overview

Crosscheck is built with security at every layer. Your data is protected by industry-standard encryption, passwordless authentication, and minimal-exposure design principles.

Security at a Glance

Encryption in Transit

All data is encrypted in transit using HTTPS with TLS. No data is ever sent over unencrypted connections.

Encryption at Rest

Checks, DevTools data, and integration tokens are stored encrypted at rest on our managed infrastructure.

Secure File Access

Files are never publicly accessible. Every file access uses time-limited, secure URLs that expire automatically.

Managed Infrastructure

Crosscheck runs on managed infrastructure with automatic security patches, continuous monitoring, and strict access controls.

Authentication

Crosscheck uses passwordless authentication. Users sign in with a one-time password (OTP) sent to their email or via a magic link. Google OAuth is also supported for single-click sign-in. This eliminates the risks associated with password storage, reuse, and brute-force attacks.

Sessions are managed with secure, short-lived tokens that are verified on every request. The extension shares your authenticated session securely with the web application.

No Passwords Stored

Because Crosscheck is entirely passwordless, there is no password database to breach. Authentication relies on email verification and OAuth, which significantly reduces the attack surface.

Third-Party Integration OAuth

Integrations such as Jira and ClickUp also use OAuth, but on a per-user basis — each workspace member connects their own Jira site or ClickUp workspace. The OAuth tokens issued by those services are stored encrypted on Crosscheck's side and are only used to create tasks on behalf of that user. Disconnecting an integration from the Integrations page immediately invalidates the stored token.

Data Access Controls

Access to checks is controlled at multiple levels:

  • Workspace isolation: Checks belong to a workspace and are only accessible to workspace members.
  • Project-level organization: Checks are organized by project within a workspace for additional scoping.
  • Invite-based sharing: Specific checks can be shared with individual users via email invitation.
  • Public links: Public sharing must be explicitly enabled per check and can be revoked at any time.
  • Third-party integrations: Pushing a check to Jira or ClickUp is always a deliberate, per-check action initiated from the kebab menu. No check data leaves Crosscheck automatically just because an integration is connected.

Infrastructure

Crosscheck's infrastructure is built on enterprise-grade platforms with continuous monitoring, automatic patching, and strict access controls. All internal communication is encrypted, and sensitive configuration is managed securely and never exposed in source code.

Learn More

For details on what data the extension collects, see the Data Privacy page.

Last updated: March 2026