Security

Security is the foundation of the workflow, not a badge added afterward.

Because the platform handles sensitive operator access and vehicle lookup data, the product is designed around control, traceability, and protected delivery.

Protected Transport

Launch traffic is served over HTTPS, and sensitive browser-facing flows avoid exposing server-side secrets.

Approval-Gated Access

Professional accounts are reviewed before access, with authorization controls for launch-critical actions.

Secure Infrastructure

The launch stack is deployed through Supabase and Vercel, with rollback and monitoring evidence tracked in launch readiness docs.

Access Controls

Multi-factor authentication, role-based access, and comprehensive audit logging for all account activities.

Compliance

Payments handled by Stripe (a PCI DSS Level 1 certified processor); KeyCodes.ai does not store card data

Incident response procedures

No-secret logging rules

RLS and rate-limit risk list tracked before launch

Responsible Disclosure

If you identify a possible vulnerability, report it directly to our security team. We take reports seriously and coordinate remediation responsibly.

Report a Vulnerability