Trust report

What SpyGlow monitors, what it does not access, and what is still rolling out.

This report gives customers, legal teams, and security reviewers a plain status view of SpyGlow trust boundaries. It separates shipped controls from planned controls.

Last updated: June 25, 2026

Public-source monitoring boundary

SpyGlow is built to monitor publicly accessible competitor pages selected by customers or discovered from public website surfaces.

No private access

SpyGlow is not built to access password-protected pages, internal systems, private portals, private social accounts, private files, or content behind access controls.

Private URL protection

Backend scraping paths block local, private, and unsupported URL targets before page capture begins.

Account-scoped intelligence

Competitor lists, snapshots, reports, battle cards, and AI-generated insights are scoped to the customer account or workspace that created them.

Monitoring boundary

Public pages only.

SpyGlow monitors public website surfaces such as pricing pages, product pages, blogs, changelogs, help centers, documentation, press pages, and public job boards. Customers are responsible for choosing lawful targets they have the right to monitor.

For the full methodology, read How SpyGlow Monitors.

Password-protected pages
Private customer portals
Internal tools or intranets
Misconfigured cloud storage
Private social accounts
Leaked documents or private files
Content requiring compromised, shared, or unauthorized credentials
Crawler policy rollout

Observe first, enforce after review.

SpyGlow now records crawler policy outcomes before moving to enforcement. This avoids silently breaking customer monitoring while giving the team data needed for a safer enforcement rollout.

Active now
SpyGlow records robots.txt outcomes for major scraping and page-discovery paths, including allowed, disallowed, missing, and unreachable states.
Mode
Crawler policy is in observe-first mode so we can measure real-world impact before changing capture behavior.
Not claimed yet
SpyGlow does not currently claim blanket robots.txt enforcement or a deployed page-fetch user-agent identity across every monitoring path.
Next control
Move from observe-first logging to a reviewed enforcement policy after operational data is collected and customer impact is understood.
Evidence and data handling

Evidence stays close to the insight.

SpyGlow is designed to keep source URLs, capture timing, and supporting evidence close to competitive insights where the product feature supports it. AI-generated analysis should be reviewed against evidence before high-stakes decisions.

Competitive intelligence data is scoped to the customer account or workspace that created it. SpyGlow does not sell customer data and does not use customer competitor lists or generated insights to train public AI models.

Retention and subprocessors are documented in the Privacy Policy. Infrastructure and authentication details are documented on Security and Trust.

Planned, not yet claimed

The next trust controls.

These are roadmap items, not current compliance claims. They will be moved into shipped controls only after deployment and verification.

Reviewed robots.txt enforcement policy
Clear crawler identity for page-fetch traffic
Exportable security and legal review packet
Public monitoring changelog for trust-related controls
External legal or security review when scope and budget are ready
Questions

Security and legal reviewers can contact Click to show email. We can walk through monitoring boundaries, data handling, and current crawler policy status.