Workspace

Developers

Tools

Security

How we protect the platform and how to reach us.

Transport security

All traffic to the website and API is served over HTTPS with modern TLS. API keys are sent in the X-API-Key header and should be kept secret.

Key handling

API keys are stored as salted hashes; the full key is shown only once at creation. Trial keys are read-only, rate-limited, and scoped to a non-destructive endpoint allowlist. The website never exposes the admin secret to the browser — key minting happens server-side.

Abuse prevention

Per-key quotas, per-IP daily caps, and bot verification protect the service from abuse. Trial tenants are automatically purged after expiry.

Data handling

Do not send PHI or sensitive personal data to the beta API. Evaluation traffic should use synthetic or de-identified values. Production data-handling commitments are made under a separate agreement.

Reporting a vulnerability

If you believe you have found a security issue, please contact us through the form on this site with details and reproduction steps. We appreciate responsible disclosure and will acknowledge reports promptly.