Security

Reporting a Vulnerability

If you discover a security vulnerability in Kedapix, please report it responsibly. Do not open a public issue. Email us directly at security@kedapix.com with a description of the issue, steps to reproduce, and a proof of concept if available.

We will acknowledge your report within 48 hours and aim to issue a fix or mitigation within 14 days for critical issues.

Our Practices

  • All data in transit is encrypted via TLS 1.2+.
  • User credentials are never stored in plaintext; authentication is handled via Supabase Auth.
  • API keys and secrets are stored as environment variables, never committed to source control.
  • Access to production infrastructure is restricted to the core team with MFA enforced.

Scope

In-scope targets include kedapix.com and all subdomains operated by Kedapix. Out of scope: social media accounts, third-party services we depend on, and denial-of-service attacks.