Trust & Security
How we look after your data
This page is maintained by Gain Momentum to answer common security and privacy questions about the Gain Momentum platform. It describes the controls currently in place and is not an independent certification.
Access & authentication
- Every workspace is multi-tenant by design. Users sign in with email and password or Google, and access to a client workspace requires an explicit membership granted by an administrator.
- Role-based permissions separate super admins, advisors, client admins and client viewers. Privileged actions (billing, audit logs, role grants) are server-side and re-check the caller's role.
- All sessions use industry-standard JWTs and are revocable from the account settings page.
Hosting & platform
- Gain Momentum runs on the Lovable Cloud platform, which is built on Supabase (PostgreSQL, Auth, Storage) and serverless edge compute. Traffic is served over HTTPS with TLS in transit.
- Row-Level Security is enabled on every tenant table; cross-tenant reads are blocked at the database layer in addition to application checks.
- Server secrets (API keys, webhook signing keys) are stored in the platform's secret store and never shipped to the browser bundle.
Data we collect
- Account data: your name, email and the workspace(s) you belong to.
- CRM & growth data you upload or sync: contacts, companies, opportunities, conversations, campaign performance and meeting notes.
- Integration data pulled from third-party tools you connect (for example LinkedIn outreach providers, CRM and email systems) so we can surface it inside the app.
- Operational telemetry: error reports and aggregated usage signals used to keep the platform reliable.
Subprocessors & integrations
We use a small set of trusted subprocessors to deliver the service. The current list includes our cloud host (Supabase / Lovable Cloud), transactional email (Resend), AI inference (the Lovable AI Gateway and OpenAI), and the third-party CRM and outreach systems you connect. We do not sell customer data.
Retention & deletion
- Customer data is retained for the life of your subscription. On request we will export or delete a workspace's data within a reasonable period after the request is verified.
- Backups follow the underlying platform's standard schedule and are rotated on the platform's retention window.
Contact us
For privacy requests, data exports, deletion requests, or to report a suspected security issue, email security@gainmomentum.today. We aim to acknowledge security reports within two business days.
Shared responsibility: Gain Momentum secures the platform; customers are responsible for managing their own users, the content they upload, and the third-party tools they connect.
