Security¶
Draft — pending review
Working draft for transparency; confirm each statement reflects current practice before publishing. It does not create warranties beyond those in the Terms of Service.
Last updated: June 25, 2026
KikiDoc (ARK Consulting) is designed with a security-first approach: modern cloud infrastructure, encrypted communications, strict access controls, tenant isolation, and automated retention. These measures also serve as the technical and organizational measures ("TOMs") referenced by our Data Processing Addendum.
Infrastructure¶
- Application hosting and compute on Fly.io (Frankfurt, EU); managed Neon PostgreSQL database (EU); rendered artifacts on Cloudflare R2. Full list: Subprocessors.
- Infrastructure is located primarily within the European Union.
- The rendering engine runs on a private network and is not exposed to the public internet — it is reachable only by our own services.
- Secrets and credentials live in the platform secret store and are injected as environment variables — never committed to source control.
Encryption¶
- In transit: TLS/HTTPS for all traffic. The
kikidoc.devdomain is HTTPS-only (HSTS). - At rest: the database and object storage are encrypted at rest by our infrastructure providers.
- Sensitive credentials: where you configure your own storage bucket, those credentials are additionally encrypted by us at rest and are never displayed back after saving.
- Passwords are stored using secure, salted one-way hashing — never in plaintext.
- API keys are stored in masked/derived form; the full key is shown only once at creation.
Authentication & access control¶
- API keys authenticate REST requests (
X-API-Key); unique per organization, revocable at any time. - The MCP server authenticates with signed JWT bearer tokens; requests without a valid token are rejected before any tool runs.
- Webhook callbacks are signed with HMAC-SHA256 so receivers can verify authenticity.
- Role-based access for teams; principle of least privilege for internal access.
Tenant isolation¶
All customer resources — API keys, templates, usage, subscriptions, and stored artifacts — belong to an organization and are scoped to it. Requests are authorized against the calling organization, so one organization can never access another's data.
Application safeguards¶
- SSRF protection: URL-rendering requests are validated to block internal, private, and cloud-metadata network ranges.
- Sandboxed templating: submitted HTML is processed in a sandboxed template engine; arbitrary code or file access is not reachable through templates.
- Rate limiting & quotas protect against abuse and runaway usage.
Data retention¶
- Signed download URLs expire after 1 hour by default.
- Generated artifacts are automatically deleted 24 hours after creation.
- Templates remain until deleted by the customer.
- Deleted accounts are removed or anonymized within 30 days (subject to legal retention).
Reliability & backups¶
The managed database provider performs automated backups with point-in-time recovery; backups are retained on the provider's standard schedule and then cycled. Data deleted from the live system may persist in backups until those backups are overwritten. Application code is version-controlled, reviewed, and validated by automated tests before release.
Customer Content¶
- Customer Content is processed solely to provide the Service.
- Customer Content is not sold and is not used to train machine-learning models.
Monitoring & abuse prevention¶
We maintain application and security logs (authentication and request metadata) for a limited period for debugging, abuse prevention, and incident investigation, supported by security monitoring and abuse detection.
Incident response & breach notification¶
We investigate suspected incidents, take remedial action, and keep dependencies up to date. In the event of a personal-data breach, we will notify affected customers and the relevant supervisory authority without undue delay where required by law; acting as a processor, we notify the relevant controller without undue delay after becoming aware of a breach affecting their data.
Responsible disclosure¶
If you discover a security issue, please report it to [email protected]. We welcome good-faith research, will acknowledge your report, and ask that you give us a reasonable opportunity to investigate and resolve before any public disclosure. Please don't access, modify, or destroy data that isn't yours, or run tests that degrade the Service for others.
Shared responsibility¶
You are responsible for keeping your API keys and credentials secret, managing your team's access, ensuring you have a lawful basis for the Customer Content you submit, and determining whether the Service meets your own compliance requirements (see Terms §15).