diff --git a/apps/quill/src/lib/polar.ts b/apps/quill/src/lib/polar.ts
index 699056c..324958b 100644
--- a/apps/quill/src/lib/polar.ts
+++ b/apps/quill/src/lib/polar.ts
@@ -184,7 +184,14 @@ export async function verifyWebhook(
 const candidates = sigHeader.split(" ");
 for (const c of candidates) {
 const [version, sig] = c.split(",");
- if (version === "v1" && sig && (await timingSafeEqual(sig, expected))) {
+ if (
+ version === "v1" &&
+ sig &&
+ (await timingSafeEqual(
+ new TextEncoder().encode(sig),
+ new TextEncoder().encode(expected)
+ ))
+ ) {
 return true;
 }
 }
diff --git a/apps/quill/src/routes/admin.ts b/apps/quill/src/routes/admin.ts
index 063cd53..2b4ef19 100644
--- a/apps/quill/src/routes/admin.ts
+++ b/apps/quill/src/routes/admin.ts
@@ -19,7 +19,13 @@ adminRouter.use("*", async (c, next) => {
 throw new HTTPException(503, { message: "Admin API not configured." });
 }
 const provided = c.req.header("x-admin-key");
- if (!provided || !(await timingSafeEqual(expected, provided))) {
+ if (
+ !provided ||
+ !(await timingSafeEqual(
+ new TextEncoder().encode(expected),
+ new TextEncoder().encode(provided)
+ ))
+ ) {
 throw new HTTPException(401, { message: "Invalid admin key." });
 }
 await next();
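Review bot: Nothing in the new condition guards against `sig` and `expected` encoding to different byte lengths, and `sig` is taken from the candidates parsed out of `sigHeader`. `timingSafeEqual` is defined outside this diff; if it forwards to a primitive such as Node's `crypto.timingSafeEqual`, which throws on unequal lengths, a malformed signature would surface as an unhandled error rather than a clean rejection. The same applies to the `x-admin-key` check in apps/quill/src/routes/admin.ts. I would confirm the helper returns false in that case and record it above the call, e.g. `// timingSafeEqual returns false (never throws) when lengths differ; sig is untrusted`. verifyWebhook's body starts and ends outside the hunk.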
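Review bot: The request-supplied value is passed second here (`expected`, then `provided`) but first in the verifyWebhook call in polar.ts (`sig`, then `expected`). The helper is not visible in this diff, so the comparison may well be symmetric, but if its work is keyed to one argument's length the two call sites would behave differently. Keeping one order everywhere is cheap, e.g. `!(await timingSafeEqual(enc.encode(provided), enc.encode(expected)))` with `const enc = new TextEncoder();` declared once above the check. The middleware callback starts and ends outside the hunk.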