Security

Last updated: May 5, 2026

We take the security of your account, your content, and your audience data seriously. This page describes how the platform is built and operated.

1. Authentication

Sign-in is handled by a managed identity provider using OAuth 2.0 / OpenID Connect. We support email + password, Google, Facebook, and Apple sign-in. Passwords are never stored by us — they are hashed by our identity provider with industry-standard algorithms.

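Session tokens (JWTs) are stored in HTTP-only, Secure, SameSite=Lax cookies. HTTP-only keeps the token out of reach of page scripts, which limits token theft through XSS; Secure restricts the cookie to HTTPS connections; SameSite=Lax withholds it from most cross-site requests, which mitigates CSRF. Tokens expire after 1 hour and are refreshed automatically.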

2. Data isolation

Every resource (project, episode, persona, template, audio file) is scoped to a workspace. Backend handlers verify workspace ownership on every request before reading or writing data. Cross-workspace access is impossible by design.

3. Encryption

All traffic to and from the platform uses TLS 1.2+. Internal connections between our compute and storage layers are also encrypted. Secrets (API keys, signing keys) are stored encrypted at rest in an access-controlled secrets manager using industry-standard key management.

4. Storage

Generated audio files live in private cloud storage — direct public access is blocked. Playback URLs are signed by our CDN with short expirations and rotate frequently. Hotlinking and unauthorized access aren't possible without a valid signature.

Database tables have point-in-time recovery enabled (35-day window), so we can restore data if needed during incident response.

5. Infrastructure

The platform runs on enterprise cloud infrastructure in the United States. Workloads are isolated in dedicated services with least-privilege access policies. The content fetcher (which calls external newspaper APIs on your behalf) operates from a fixed network range so upstream providers can whitelist us reliably.

6. Monitoring & alerting

We monitor application errors, queue depth, dead-letter accumulation, API 5xxs, and email bounce rates. Alarms notify the on-call engineer within minutes of any anomaly. Full observability tracing covers every script-generation and agent-mode AI call for audit and debugging.

7. Third-party services

We rely on a small set of trusted sub-processors, grouped by purpose:

  • Cloud infrastructure (hosting, compute, storage, content delivery — United States)
  • AI providers (script generation, image generation, text-to-speech — industry-leading model providers)
  • Identity provider (account authentication and session management)
  • Stripe (subscription billing — PCI-compliant, we never see card data)
  • Email service (transactional email)
  • Observability (error monitoring and AI call tracing for audit and debugging)

A current sub-processor list with vendor names is available on request via security@kenwoodsolutions.com.

See our Privacy Policy for details on what data is shared with each vendor and why.

8. Reporting a vulnerability

If you find a security issue, please report it privately to security@kenwoodsolutions.com before disclosing it publicly. We'll acknowledge within 1 business day and keep you updated through the fix.

We don't currently run a paid bug bounty program, but we're happy to credit researchers in our changelog.

9. Compliance

We're not yet SOC 2 or ISO 27001 certified. Audits are planned for 2026. Enterprise customers can request a security questionnaire and architecture review by emailing security@kenwoodsolutions.com.