Kiridot legal
Security Overview
This overview describes Kiridot's security posture, incident handling, and user responsibilities for protecting accounts and workspaces.
Effective date: June 24, 2026
1. Security Program
- Authentication uses secure password storage, session tokens, email verification, password reset tokens, and optional two-factor authentication where enabled.
- OAuth tokens for connected social accounts are encrypted before storage.
- Workspace-owned media paths are protected with signed CDN URLs and server-side media validation.
- The backend uses rate limiting, request validation, CSRF protections for applicable flows, logging, and background-job isolation.
- Access to production systems and provider dashboards is limited to personnel and contractors with a business need.
2. Provider and Infrastructure Security
Kiridot relies on specialized providers for storage, payments, email, AI processing, social publishing, and infrastructure. We evaluate provider roles and use contractual and technical safeguards appropriate to their function.
3. Incident Response
Kiridot investigates suspected security incidents, takes steps to contain and remediate issues, and notifies affected users or regulators when required by applicable law.
4. Customer Responsibilities
- Use a strong, unique password and protect your email account.
- Limit workspace access to authorized people.
- Disconnect social accounts you no longer use.
- Review generated content before publishing.
- Tell Kiridot promptly if you suspect unauthorized access, exposed credentials, or unsafe content.
5. Reporting Vulnerabilities
Report suspected vulnerabilities to [email protected]. Please include affected URLs, reproduction steps, impact, and your contact information. Do not access, modify, delete, or disclose other users' data.