Security Note
How TokenFlow stores and protects your provider tokens.
Your access and refresh tokens are encrypted on the server using AES-256-GCM with a key managed by Firebase Functions configuration. They are never exposed to the client application.
All OAuth operations, including token exchange and refresh, are handled exclusively by secure, server-side Firebase Functions. Your client application only initiates the flow and receives status updates.
Robust Firestore security rules are in place to ensure that only authenticated and authorized users can manage their own token records. Raw tokens are never readable, even by the owner.
When you revoke a connection, the corresponding token record is permanently deleted from our Firestore database, ensuring no residual access remains.
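The AES-256-GCM token storage described above, sketched as an added example that is not TokenFlow's own code. The record fields (`v`, `iv`, `ct`, `tag`), the function names and the use of the user ID and provider as additional authenticated data are assumptions chosen for illustration.

```javascript
// Added example, not TokenFlow's code. Field names and AAD layout are assumptions.
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// Bind the ciphertext to the record it belongs to, so a blob copied into
// another user's or provider's record fails authentication on decrypt.
function aadFor(uid, provider) {
  return Buffer.from(JSON.stringify([uid, provider]), "utf8");
}

function sealToken(key, uid, provider, token) {
  if (key.length !== 32) throw new Error("AES-256-GCM needs a 32-byte key");
  const iv = randomBytes(12); // fresh 96-bit nonce per encryption, never reused
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadFor(uid, provider));
  const ct = Buffer.concat([cipher.update(token, "utf8"), cipher.final()]);
  return { v: 1, iv: iv.toString("base64"), ct: ct.toString("base64"),
           tag: cipher.getAuthTag().toString("base64") };
}

function openToken(key, uid, provider, rec) {
  const iv = Buffer.from(rec.iv, "base64");
  const tag = Buffer.from(rec.tag, "base64");
  if (rec.v !== 1 || iv.length !== 12 || tag.length !== 16) {
    throw new Error("malformed token record");
  }
  const decipher = createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(aadFor(uid, provider));
  decipher.setAuthTag(tag);
  // final() throws if the key, AAD, IV, tag or ciphertext do not match.
  const pt = Buffer.concat([decipher.update(Buffer.from(rec.ct, "base64")), decipher.final()]);
  return pt.toString("utf8");
}

// Returns false instead of throwing, for callers that only need a yes/no.
function canOpen(key, uid, provider, rec) {
  try { openToken(key, uid, provider, rec); return true; } catch { return false; }
}

// Constructed sample values; a real key would come from the functions configuration.
const demoKey = randomBytes(32);
const demoRecord = sealToken(demoKey, "user-a", "example-provider", "constructed-refresh-token");
console.log(openToken(demoKey, "user-a", "example-provider", demoRecord));
console.log(canOpen(demoKey, "user-b", "example-provider", demoRecord)); // false
```

Only the server-side function holding the key can call `openToken`; the stored record on its own reveals nothing but the nonce, ciphertext and tag.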