ExtraltExtralt
Concepts

Security & Privacy

Extralt is designed with data isolation and security as core principles.

Organization isolation

Everything in Extralt is scoped to your organization. Your robots, runs, captures, and credits are completely isolated from other organizations.

  • API keys only access data within their organization
  • Users in one org cannot see another org's data
  • Even if you have multiple orgs, each is a separate, isolated environment

API key security

API keys are the sole authentication mechanism for the Extralt API.

  • Keys are generated per organization from the dashboard
  • Each key is scoped to one organization
  • Keys can be revoked at any time
  • Compromised keys should be revoked and replaced immediately

Best practices:

  • Store keys in environment variables, not in code
  • Never commit keys to version control
  • Use separate keys for development and production
  • Rotate keys periodically

Billing security

Billing is handled entirely by Polar.sh, a third-party payment processor. Extralt never stores, processes, or has access to your credit card information or payment details.

When you subscribe or manage your billing, you're redirected to Polar.sh's secure interface.

Data handling

  • Extracted data (captures) is stored within your organization and accessible only through authenticated API requests
  • Data is retained according to your plan terms
  • You own the data you extract

What's next

The 4 E's Pipeline

Extralt's product intelligence pipeline -- Extract, Enrich, Extend, Explore.

Error Codes

Complete catalog of Extralt API error codes with descriptions and solutions.