Draftworks

Security

Key custody, transport security, infrastructure boundaries, and how to reach us — security reports, abuse, and DPA requests.

Contacts

ConcernContactExpectation
Vulnerability reportssecurity@draftworks.devAcknowledgment within 24 hours
Abuse of the platform (spam, fraud, policy violations)abuse@draftworks.devReviewed within 24 hours
Data processing agreements and privacy requestsprivacy@draftworks.devDPA available on request
Everything else, and escalation if the above stallsupport@draftworks.devFirst response within one business day

Report vulnerabilities privately to the security address before any public disclosure and include enough detail to reproduce. Good-faith research against your own account is welcome; do not access other customers' data, degrade the service, or run automated scanners against production.

API keys

  • Keys are shown once at creation and stored only as SHA-256 hashes. Draftworks cannot recover a lost key, only replace it.
  • Keys can be paused (reversible) or deleted from /dashboard/keys, effective immediately at admission.
  • Authentication accepts the key in the Authorization: Bearer header; keys never appear in URLs and are never logged in plaintext.

Receipt signing keys

Every response is signed with Ed25519. The private key exists only in the gateway's server environment; the public key is published on the verify page and in the receipt spec. A key rotation would be announced in advance, with the old public key kept published so historical receipts remain verifiable.

Transport and infrastructure

  • All endpoints are HTTPS or WSS only, including the hop from the gateway to Azure.
  • The serving path and provider boundaries are documented in architecture; what each provider holds is in data handling.
  • Production access is limited to the operator; secrets live in the platform environment stores (Vercel, Azure, Convex), not in the repository.

What we do not have

The strongest security property of the design is what is absent: no stored prompt or completion content to breach, no plaintext keys to leak, and no way for Draftworks to reproduce your data from what it retains. The receipt system means even our own claims about which model served you are independently checkable — see how receipts prevent bait-and-switch.

On this page