Security

Basketball Spy is built for professional basketball organizations and the security of your data is foundational to everything we build. This page describes the security practices and controls that are actually in place across the platform today, along with an honest look at the areas we are continuing to strengthen. If you have a question that isn’t answered here, please reach out.

Accounts & authentication

Tenant data isolation

Basketball Spy is a multi-tenant platform: every organization’s data lives logically separated from every other organization’s. This separation is enforced at the data-access layer, not left to individual screens or queries to remember.

Authorization & access control

Secure transport & browser protections

Application hardening

Data protection & backups

API & sync security

Mobile app protection

A modern, maintained stack

Basketball Spy is built on Laravel 13 and PHP 8.5, with security-relevant dependencies kept current. Building on a widely used, actively maintained framework means we inherit a steady stream of security fixes and battle-tested defaults rather than reinventing core protections ourselves.

Areas we’re strengthening

Security is ongoing work, and we believe in being candid about what is not yet in place. The following are on our roadmap rather than available today:

Reporting a vulnerability

If you believe you have found a security vulnerability in Basketball Spy, we want to hear from you. Please email security@basketballspy.com with the details and steps to reproduce. We ask that you give us a reasonable opportunity to investigate and address the issue before any public disclosure, and that you avoid accessing or modifying data that isn’t yours while testing. We appreciate the security community’s help in keeping scouts’, coaches’, and front offices’ data safe.