Credential storage
Google Secret Manager
Provider logins are stored server-side in Google Secret Manager and never written into the browser.
Security FAQ
How AuxPadel handles provider logins, cards, and booking handoffs
AuxPadel needs provider access to check availability and finish bookings on your behalf. This page explains what is stored, where it lives, and how to remove it.
Card encryption
Enabled
Saved card fields are encrypted with Google Cloud KMS before they are written to storage.
Transport
Secure handoff
AuxPadel is intended to run behind HTTPS/TLS, and final payment steps stay on the provider page.
Why does AuxPadel need provider credentials?
Provider logins are used to check live availability, fetch your current bookings, and complete booking steps with the club systems you connect.
Do you store passwords in the browser?
No. The browser only sends credentials to the backend when you save them. AuxPadel does not persist provider passwords in local storage or URL parameters.
How do I delete saved access?
Use Remove in Settings to delete a provider login or saved card from AuxPadel at any time.
Questions or deletion requests
Contact alek@contact.auxpadel.de if you want a manual review of stored access or billing state.