Last updated July 8, 2026
Security
Internal preview. This document is an initial version published ahead of commercial launch and will be reviewed by counsel before the first paid subscription.
Infrastructure
The application runs on Vercel (US) with the primary datastore on a hardened US-region server. Transport is TLS-only; sessions are signed HTTP-only cookies.
Access control
- Tenant-scoped authorization on every query path.
- Role model: owner, member, viewer. Audit logging on sensitive actions.
- Secrets are environment-managed and never stored in the repository.
Data handling
Databases are firewalled to non-default ports with strong credentials; backups are encrypted at rest. LLM calls are metered and logged; customer workspace content is not used for model training.
Disclosure
Report vulnerabilities to security@zhidun.ai. We acknowledge within 48 hours.