Security

Security is a core product requirement, not an add-on.

This page summarizes how Kourtra is designed to protect community data. It is not a compliance certification statement.

For privacy and data handling details, see the Privacy Policy.

Tenant isolation

Kourtra is designed as a multi-tenant SaaS. Community isolation is enforced at the database layer using Row-Level Security (RLS).

Requests run in a scoped transaction so tenant context is consistently applied to database queries.
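The pattern described above, sketched as an added example. It is not Kourtra's code: it assumes PostgreSQL, and the table, column and setting names are hypothetical.

```sql
-- Added example: PostgreSQL is assumed; "posts", "community_id" and the
-- "app.community_id" setting are hypothetical names, and the UUIDs are constructed.
CREATE TABLE posts (
    id           bigserial PRIMARY KEY,
    community_id uuid NOT NULL,
    body         text NOT NULL
);

-- FORCE applies the policy to the table owner as well. Superusers and roles
-- with BYPASSRLS still skip RLS, so the application connects as neither.
ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
ALTER TABLE posts FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when the setting was never set and
-- '' after a transaction-local value has expired on a reused connection.
-- NULLIF folds both into NULL, so a request without tenant context matches
-- no rows instead of raising a cast error.
CREATE POLICY community_isolation ON posts
    USING (community_id =
           NULLIF(current_setting('app.community_id', true), '')::uuid)
    WITH CHECK (community_id =
           NULLIF(current_setting('app.community_id', true), '')::uuid);

-- One request = one transaction. The third argument (true) makes the value
-- transaction-local, the same scope as SET LOCAL.
BEGIN;
SELECT set_config('app.community_id',
                  '11111111-1111-1111-1111-111111111111', true);

INSERT INTO posts (community_id, body)
VALUES ('11111111-1111-1111-1111-111111111111', 'welcome thread');

-- No WHERE clause needed: the policy filters to the current community.
SELECT id, body FROM posts;

-- A write for another community fails WITH CHECK and aborts the transaction:
-- INSERT INTO posts (community_id, body)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
COMMIT;

-- After COMMIT the tenant context is gone, so a pooled connection handed to
-- the next request starts with no community and sees nothing.
SELECT count(*) FROM posts;  -- 0 for a role subject to the policy
```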

Authentication and sessions

We use authenticated sessions to protect access to your workspace. Sensitive actions can require reauthentication.

We support multi-factor authentication (TOTP + recovery codes) and WebAuthn passkeys for stronger account security.

Kourtra also uses a device identifier cookie to help protect session integrity.

Auditability

Security and administrative activity is designed to be traceable through audit events.

Audit logs are treated as append-only records to preserve history.

File safety

Uploaded files can be processed by background workers and, when configured, scanned for malware.

Files may be quarantined during processing to reduce risk.

Your controls

Data export

You can request an export of your account data from inside the product.

Learn about privacy rights

Deletion and retention

You can request account deletion. Some data may be retained where required for security, billing, or legal obligations.

Read the Privacy Policy

Incidents

Check current uptime and incident history on the Status page.