Legal

Security

Security is part of how we build and operate KoraHub. This page summarizes our approach to protecting the platform, customer data, and the continuity of the service.

Last updated: April 18, 2026

Security approach

KoraHub is designed for businesses handling strategy, customer, and operational workflows, so we treat confidentiality, integrity, and availability as ongoing responsibilities. Security work is built into product operations, infrastructure management, vendor evaluation, and incident handling.

  • Limit access to customer data based on role, operational need, and least-privilege principles.
  • Protect data in transit and at rest using industry-standard safeguards appropriate to the service.
  • Monitor platform health, access patterns, and operational signals to detect abuse, misuse, or unexpected activity.
  • Review infrastructure, application, and vendor changes with security considerations in mind before rollout.

Platform safeguards

  • Authentication, session, and account protections designed to reduce unauthorized access risk.
  • Administrative, technical, and organizational controls intended to protect customer data and service integrity.
  • Logging, diagnostics, and operational alerting that help us investigate reliability or security issues.
  • Backups, recovery planning, and change-management practices that support resilience and incident response.

Data handling

Customer data is processed to provide requested product features, support workflows, and maintain the service. Access to that data is intended to be restricted to authorized personnel, subprocessors, and systems with a legitimate operational purpose.

As described in our privacy materials, we do not use customer workspace data to train public foundation models. When third-party infrastructure or model providers are involved in delivering the service, we expect them to operate under contractual and operational restrictions appropriate to their role.

Incident response

No online system can promise absolute security. If we identify or reasonably suspect a security issue affecting systems we control, we respond with investigation, containment, remediation, and follow-up measures appropriate to the severity and context of the event.

  • Investigate and contain suspected incidents affecting systems we operate.
  • Assess scope, impact, and required remediation steps with urgency proportional to the issue.
  • Apply fixes, recovery actions, and additional safeguards where appropriate.
  • Provide customer notice when required by law, contract, or the circumstances of a material incident.

Shared responsibility

  • Use strong passwords, protect credentials, and enable any additional account protections we make available.
  • Manage workspace roles, user access, and third-party integrations carefully within your organization.
  • Review uploaded content, prompts, and connected tools to ensure they meet your internal security requirements.
  • Notify us promptly if you suspect unauthorized access, credential compromise, or other security concerns.

Security disclosures

If you believe you have identified a vulnerability or suspicious behavior, send details to our team so we can investigate. Include the affected page or workflow, steps to reproduce, timing, and any supporting context.

Please avoid testing in a way that disrupts the service, accesses data that does not belong to you, or creates availability risk for other customers.

Contact us

For security questions, incident reports, or responsible disclosure messages, email [email protected].

← Back to home