firepanel
Security

Your Firebase credentials, protected.

Firepanel is built so you never have to wonder where your data is or who can see it.

Service account protection

How we protect your service account.

Encrypted at rest

Your Firebase service account is encrypted with AES-256-GCM before it touches our database. The encryption key lives in isolated infrastructure, never in the database itself.

We don't store your data

Firepanel reads your Firestore, Auth, and Storage live from your Firebase project and passes it straight to your browser. Your documents and users are never copied onto our servers.

You're always in control

Disconnect a project anytime and its encrypted credentials are permanently deleted. Revoke the service account in Firebase and Firepanel instantly loses access.

Transparency

What we can and can’t see.

What Firepanel accesses

  • Your Firebase data, but only live and only when you're actively using the app.
  • Audit metadata: who took which action and when.
  • The account info you gave us at sign-in (name, email, avatar).

What Firepanel never does

  • Sell or share your data with advertisers.
  • Store your Firestore documents, Auth users, or Storage files on our servers.
  • Share your service-account credentials with any third party.
  • Track you across other sites or run ad pixels.

Stack

Infrastructure.

Best-in-class providers, named so you can audit them yourself.

Hosting

Vercel

Application runtime and edge network.

Database

Neon Postgres

Account data, audit log, encrypted credentials.

Authentication

Google OAuth

Sign in with the Google account you already use.

Payments

Razorpay

PCI-compliant. We never see card numbers.

Transactional email

Plunk

Sign-in alerts, billing receipts, contact replies.

Product analytics

Mixpanel

Account email + id only. No Firestore data. Opt out from the cookie notice.

Under the hood

Encryption, in plain terms.

The end-to-end path your credentials take, with nothing hidden.

  1. You connect a project

     Paste your Firebase service-account JSON into the connect wizard. It travels over TLS to our server.

  2. We encrypt before storing

     On the server, the JSON is encrypted with AES-256-GCM using a key held in environment configuration, not in the database.

  3. We decrypt only in memory

     When a request needs Firebase access, we decrypt in memory just long enough to authenticate the request. The plaintext never hits disk.

  4. Your browser never sees it

     Service-account credentials are never sent to your browser. The decrypted key lives only in our server process during a single request.
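
The encrypt-before-storing and decrypt-in-memory steps above, sketched in Node.js as an added example; this is not Firepanel's code. The environment variable name `CREDENTIAL_KEY_B64`, the stored blob layout, and the use of the project id as additional authenticated data are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: the 32-byte key arrives base64-encoded in an env var with this
// hypothetical name. A random key is generated only so the demo runs offline.
const KEY = process.env.CREDENTIAL_KEY_B64
  ? Buffer.from(process.env.CREDENTIAL_KEY_B64, "base64")
  : crypto.randomBytes(32);
if (KEY.length !== 32) throw new Error("AES-256 needs a 32-byte key");

// Stored blob layout (an assumption): 12-byte IV | 16-byte tag | ciphertext.
function seal(serviceAccountJson, projectId) {
  const iv = crypto.randomBytes(12); // fresh per encryption, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  cipher.setAAD(Buffer.from(projectId, "utf8")); // binds the blob to its project row
  const ct = Buffer.concat([cipher.update(serviceAccountJson, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypts into memory only; throws if the blob or the project id was altered.
function unseal(blobB64, projectId) {
  const blob = Buffer.from(blobB64, "base64");
  if (blob.length < 28) throw new Error("blob too short");
  const iv = blob.subarray(0, 12);
  const decipher = crypto.createDecipheriv("aes-256-gcm", KEY, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(projectId, "utf8"));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString("utf8");
}

// Constructed sample input, not a real credential.
const SAMPLE = JSON.stringify({ type: "service_account", project_id: "demo-project", private_key: "PLACEHOLDER" });

function demo() {
  const blob = seal(SAMPLE, "demo-project");
  const tampered = Buffer.from(blob, "base64");
  tampered[tampered.length - 1] ^= 1; // flip one ciphertext bit
  const rejects = (b, id) => { try { unseal(b, id); return false; } catch { return true; } };
  return {
    roundTrip: unseal(blob, "demo-project") === SAMPLE,
    tamperRejected: rejects(tampered.toString("base64"), "demo-project"),
    wrongProjectRejected: rejects(blob, "other-project"),
    freshIv: seal(SAMPLE, "demo-project") !== blob,
  };
}
console.log(demo());
```

Because GCM authenticates the ciphertext and the project id together, a blob that was modified in the database or copied onto another project's row fails to decrypt instead of yielding a usable credential.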

Responsible disclosure

Found a security issue? We want to know.

We investigate every report. Reach us through the Contact page and put “security” in the subject so it gets routed correctly. We’ll respond quickly and credit you (if you’d like) once a fix is shipped.


Honesty

Honest about our stage.

Firepanel is in private beta. We’ve built security in from day one, but we’re a young product. We don’t yet have formal certifications like SOC 2. We’ll be transparent as we mature — including what we’ve added and what’s still on the roadmap.
