Security
How we protect your data and ensure platform integrity.
Last updated: December 2024
Security Overview
Kompyle is built with security as a core principle. We implement multiple layers of protection to safeguard your data and ensure platform integrity.
No API Keys on Client
Sensitive API keys and secrets are never exposed to the client browser. All secret operations are performed server-side. Your service credentials and secrets remain secure on our servers.
Secure Webhooks
All incoming webhooks (Stripe, etc.) are verified using cryptographic signatures. We validate the webhook source and payload integrity before processing any events.
Audit Events
We maintain comprehensive audit logs of significant events including authentication, billing changes, and administrative actions. These logs help us detect and respond to security incidents.
Rate Limiting
API endpoints are protected by rate limiting to prevent abuse and ensure fair usage. Excessive requests are automatically throttled to protect the platform.
Bot Protection
We use Cloudflare Turnstile to protect forms from automated abuse. This privacy-preserving challenge helps distinguish legitimate users from bots without intrusive CAPTCHAs.
Security Reporting
If you discover a security vulnerability, please report it responsibly to security@kompyle.com. We appreciate your help in keeping Kompyle secure.