Security
Key custody, transport security, infrastructure boundaries, and how to reach us — security reports, abuse, and DPA requests.
Contacts
| Concern | Contact | Expectation |
|---|---|---|
| Vulnerability reports | security@draftworks.dev | Acknowledgment within 24 hours |
| Abuse of the platform (spam, fraud, policy violations) | abuse@draftworks.dev | Reviewed within 24 hours |
| Data processing agreements and privacy requests | privacy@draftworks.dev | DPA available on request |
| Everything else, and escalation if the above stall | support@draftworks.dev | First response within one business day |
Report vulnerabilities privately to the security address before any public disclosure and include enough detail to reproduce. Good-faith research against your own account is welcome; do not access other customers' data, degrade the service, or run automated scanners against production.
API keys
- Keys are shown once at creation and stored only as SHA-256 hashes. Draftworks cannot recover a lost key, only replace it.
- Keys can be paused (reversible) or deleted from /dashboard/keys, effective immediately at admission.
- Authentication accepts the key in the
Authorization: Bearerheader; keys never appear in URLs and are never logged in plaintext.
Receipt signing keys
Every response is signed with Ed25519. The private key exists only in the gateway's server environment; the public key is published on the verify page and in the receipt spec. A key rotation would be announced in advance, with the old public key kept published so historical receipts remain verifiable.
Transport and infrastructure
- All endpoints are HTTPS or WSS only, including the hop from the gateway to Azure.
- The serving path and provider boundaries are documented in architecture; what each provider holds is in data handling.
- Production access is limited to the operator; secrets live in the platform environment stores (Vercel, Azure, Convex), not in the repository.
What we do not have
The strongest security property of the design is what is absent: no stored prompt or completion content to breach, no plaintext keys to leak, and no way for Draftworks to reproduce your data from what it retains. The receipt system means even our own claims about which model served you are independently checkable — see how receipts prevent bait-and-switch.