Security

Our Security Promise

Security is at the core of everything we build. Your code stays on your machine; we only provide secure remote access.

Architecture

  • Zero-Trust Model: Every request is authenticated and authorized
  • End-to-End Encryption: All communications encrypted with TLS 1.3
  • Cloudflare Tunnel: Secure connection without exposing ports
  • Auth0 Integration: Enterprise-grade authentication

Data Protection

How we protect your data:

  • Your source code never leaves your machine
  • Session data encrypted at rest and in transit
  • Audit logs for all operations
  • Regular security audits

Access Controls

  • Multi-factor authentication (MFA) supported
  • SSO via Auth0 for enterprise customers
  • Granular permission controls
  • Session timeout after inactivity
  • Device authorization required

Infrastructure Security

  • Hosted on Railway with automatic security patches
  • PostgreSQL with encryption at rest
  • Redis with authentication required
  • Regular backups with encryption
  • DDoS protection via Cloudflare

Compliance

Katachi complies with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Industry best practices for secure software development

Vulnerability Reporting

If you discover a security vulnerability, please report it to: security@katachi.live

We take all reports seriously and will respond within 24 hours.

Incident Response

In the event of a security incident, we will:

  • Notify affected users within 72 hours
  • Provide detailed information about the incident
  • Take immediate action to mitigate the issue
  • Conduct a thorough post-mortem analysis

Last updated: November 24, 2025