Skip to main content
KalinkloOS

Security

Practices, not posture.

What follows is the practice today — each item maps to controls running in production, not a promise.

Practices

What we do

16 practices in force today — a register, not a slogan.

01

Enterprise identity: SCIM provisioning + OIDC SSO readiness

SCIM 2.0 automated user provisioning is built, token-gated, tenant-scoped, and audited — your identity provider (Okta, Microsoft Entra ID, and peers) can provision and de-provision members, and de-provisioning is soft-only: leavers are suspended, never hard-deleted, so records survive. Per-organization OIDC single sign-on ships as a fail-closed, owner-configured foundation with encrypted secrets and existing-user-only linking — SSO can never create an account. Honest boundary: live IdP proof is still required before we call it proven enterprise SSO.

02

Approval-gated access

Kalinklo is private by default. Signing up creates a pending-approval account; an admin reviews and approves before dashboard access opens. Reviewed-access codes shared by the platform admin can fast-track trusted workspaces. There is no path to dashboard data that bypasses the approval gate.

03

Public visibility is opt-in

Public pages — homepage, pricing, security, managed services — never expose real organization, member, artist, agency, presenter, document, or engagement data. Directory/demo surfaces show fictional sample profiles only when clearly labeled. A real artist profile becomes publicly searchable only after the artist explicitly opts in.

04

Artists cannot see other artists

By default an artist account sees only its own profile, availability, requests, holds, quotes, contracts, invoices, documents, and the agencies/presenters connected to engagements it participates in. There is no general browse-all-artists directory inside the platform for artist-role users.

05

Agencies see only their roster

An agency workspace sees only its represented artists, the requests/holds/contracts/invoices that involve its roster, and its own portal settings. It cannot see other agencies' rosters or operations.

06

Organization workspaces stay private

An organization workspace sees only its own productions, schedules, assignments, member access, documents, announcements, acknowledgements, engagements, requests, contracts, invoices, and settlement records. Plan-gated discovery may surface artists who have explicitly opted in to be discoverable by approved presenters; otherwise no cross-workspace visibility exists.

07

Four visibility levels, per artist

Public (search-indexed folio) · Private listing (visible only to verified presenters and partner agencies inside the platform, no SEO) · Stealth roster (visible only to the artist's agency workspace and explicitly-invited presenters) · Workspace-private (engagements never leak — only artist, agency, presenter, and counsel ever see them). Default for represented artists is private listing, not public.

08

Human approval before commitment

No counterparty-facing message, contract, invoice, or settlement change moves without a person confirming the exact action. The approval itself is audited — who clicked, when, and on which payload.

09

Audit log on every transition

Every state change — request submitted, hold placed, quote sent, contract issued, invoice paid, settlement recorded — writes to the audit log with actor, timestamp, entity, and payload diff. Both parties to an engagement see the audit chain for that engagement.

10

Tenant boundaries

Every protected endpoint runs through an ownership check before responding. Cross-workspace detail requests collapse to 404 so attackers cannot distinguish real records from records they cannot access. In-workspace permission failures can return 403 when the user already belongs to the workspace. List endpoints scope queries to the caller's workspace.

11

Rights-aware music materials

Scores, parts, contracts, and internal documents never use permanent public links. Library Desk records rights status, approval state, expiry, acknowledgements, and access events before a member can view or download material.

12

AI policy: drafts only

AI, where configured, may summarize or draft internal text. It may not sign contracts, send external messages, issue invoices, process payments, publish materials, or change settlement state without an attributable human approval path.

13

Acceptable use boundaries

Kalinklo may suspend workspaces used for harassment, fraud, scraping, false rights claims, credential sharing, unauthorized document redistribution, or attempts to bypass workspace boundaries.

14

Operations not public

Public health endpoints expose no data. The version endpoint is restricted to internal operations. Admin dashboards require both a session and the admin MFA gate.

15

Content Security Policy

CSP pins script and connect sources to a known allow-list, denies eval and framing (frame-ancestors 'none'), and blocks third-party trackers. We do not load tracking pixels. No marketing analytics on the public site.

16

Rate limits + brute-force guards

Mutation endpoints carry per-actor rate limits. Public submission endpoints (/api/request-hold, /api/help/contact) are limited per IP. Failed sign-in attempts are throttled and logged.

The boundary, in three lines

Every transition is recorded.

Request, hold, quote, contract, invoice, settlement — each one writes to the audit log.

No action skips a human.

A person approves counterparty-facing messages, contract changes, invoice changes, and settlement records.

No workspace sees another.

Every endpoint runs an ownership check. Cross-workspace detail probes collapse to 404.

The boundary

What we will not do

01

We will not sell or share contact data

Your roster, your relationships, your records. We never resell them to third parties or use them for marketing outside Kalinklo.

02

We will not auto-publish unverified listings

Verification gates discovery. An unverified workspace can file requests but cannot be found by search.

03

We will not let automation replace approval

Messages, contracts, invoices, and money-state changes require an attributable human confirmation path.

04

We will not custody payment funds without a contract that says so

By default we record obligations and settlements; money moves bank-to-bank or via your existing processor.

Library Desk

Music materials & copyright

Scores, parts, and rental material carry obligations that ordinary file sharing ignores. The division of responsibility is simple: the organization decides the rights; Kalinklo enforces the access.

The organization owns the rights decision
Kalinklo does not license catalog, clear repertoire, or adjudicate copyright. The organization decides what may be uploaded, shared, performed, rented, copied, or distributed — and remains responsible for those rights.
Kalinklo enforces access, expiry, and audit
Every document carries an access rule and an optional expiry. Opens stream server-side after a permission check, and each open writes to the append-only access log — who opened what, and when.
Rights statuses are honored, not decorative
Public domain, original, licensed rental, perusal, view-only, and blocked-pending-review each behave differently in the Library Desk. A document with unknown rights raises a red flag until a librarian resolves it.
No public permanent links
Scores, parts, contracts, and internal documents are never served by a permanent public URL. Rental-part access can expire after the final service; when the window closes, the access ends.

How the Library Desk applies this day to day — rights tagging, gated streaming, member preview, expiry warnings — is described on the Library Desk page.

Subprocessors

The vendors that touch your data

Each vendor is named, contracted with a DPA, and minimised in scope. We add a new subprocessor only when a feature needs one — and update this list before the change goes live.

Neon (Postgres)
Primary application database. US region (us-east-1) today — matching the DPA's subprocessor table; EU data residency is planned, not yet offered. Point-in-time recovery enabled, encrypted at rest and in transit.
Vercel
Application hosting + edge functions. SOC 2 Type II.
Vercel Blob
Document/object storage for uploaded files (scores, parts, contracts, media). Served only through a gated, audited streaming route — never a public link to the raw object.
Resend
Transactional email (magic-link sign-in, engagement notifications). Webhook signatures verified server-side.
Airwallex
Subscription/payment-provider integration where configured. Engagement settlement is recorded manually during the founding period; we never store full card details.
Sentry (optional)
Error monitoring. Configured only when SENTRY_DSN is set. PII scrubbed before transmit.
Inngest
Durable background jobs (notification fan-out, digests, readiness recomputes). Event payloads carry record identifiers, not document contents.
Cloudflare Turnstile
Bot detection on public forms (apply, request-hold). Processes IP and browser signals at submit time; sees no account or workspace data.
AI provider (Anthropic, OpenAI, Groq, or OpenRouter — whichever is configured)
Used only when a workspace's AI drafting features are explicitly enabled — off entirely when no provider key is set. Prompts carry the minimum context for the task (the specific request or engagement text being drafted, not your document library), every output is a draft a person reviews before it is used, and your data is not used to train models. The active provider is the one configured for the deployment; we update this entry when it changes.

Data retention

How long we keep what

Business records carry legal retention obligations; operational telemetry does not. We treat them differently, and document each.

Engagement records
Kept for the life of the workspace + 7 years after closure (tax/legal). Includes requests, holds, quotes, contracts, invoices, audit logs.
Documents in vault
Kept as long as the workspace exists. Owner can delete on demand; superseded uploads are preserved in audit trail.
Authentication events
Sign-in attempts, MFA events, session creation: 12 months, enforced by a daily automated retention sweep (auth-class events only — engagement and business records follow their own published windows).
Health probe + analytics
Health endpoints log no PII. We do not run third-party analytics on the public site.
AI assistance runs
When a workspace enables AI features, each run is logged (task, model, token counts, approval outcome) for the audit trail and retained with the workspace's records. AI is off by default.

Compliance roadmap

Where we are on certification

We do not yet hold SOC 2 or ISO 27001. We will not say otherwise. The controls those audits examine — audit logging, tenant isolation, gated documents, MFA, defined retention — are live today and described above. What follows is the certification path, stated as targets, with honest status.

SOC 2 Type IIn preparation
Readiness assessment with a recognised platform (point-in-time control design). Targeted before larger US enterprise procurement.
SOC 2 Type IIPlanned
Begins after Type I: a multi-month observation window evidencing the controls operate over time. The report most US institutions ask for.
ISO 27001Planned
Stage 1 documentation review, then Stage 2 certification audit. The European procurement standard; matched to the orchestral market's centre of gravity.
GDPR + HK PDPOAvailable now
Data Processing Agreement template is downloadable from the Trust Center. Hong Kong company; US database region (us-east-1) today with EU residency planned; processor list published above.

Procurement teams: a security questionnaire response, the subprocessor list, our Data Processing Agreement, and current control evidence are available on request to security@kalinklo.com. Two of those artifacts are downloadable right now — no request needed:

Responsible disclosure

How to report a vulnerability

Mail security@kalinklo.com with reproduction steps. We acknowledge, triage, fix, and credit you on the timeline below. Do not test against another workspace's data without written authorisation.

  1. 01

    Initial acknowledgment

    Within 2 business days.

  2. 02

    Triage + severity

    Within 5 business days.

  3. 03

    Patch or remediation plan

    Critical: 7 days · High: 30 days · Medium: 90 days · Low: best-effort.

  4. 04

    Public disclosure

    By mutual agreement after patch deploys. Credit attribution if requested.

We don't currently run a paid bug-bounty programme. Severe findings may be recognised with a written letter and an account credit at our discretion.

Disclosure

Found a problem? Tell us.

If you discover behaviour at odds with anything above, write to the office — we answer.