How we handle your credentials.
Karta intermediates traffic to LLM providers, which means we see prompts, responses, and (for BYOK) your provider keys. We take that responsibility seriously.
Refreshed every minute via the in-cluster SystemHealthJob. Full uptime history and incidents at status.karta.sh.
Encryption
Customer API keys (the kt_live_ tokens) are stored as bcrypt digests - we never see the plaintext after creation. BYOK provider keys are AES-256-encrypted with a process-derived key (Rails MessageEncryptor on secret_key_base), decrypted only in process memory for the duration of one request.
- bcrypt cost factor ≥ 12 on key digests
- MessageEncryptor (AES-256-GCM) on BYOK rows
- plaintext shown exactly once at mint time
Bring-your-own-key
On the Pro and Enterprise plans you can register your own Anthropic / OpenAI key. We encrypt at write, decrypt only on the proxy hot path, and never log the plaintext. Rotating yours is a single API call - old material is shredded from storage on revoke.
- AES-256-GCM via Rails MessageEncryptor
- per-org key material, not shared across tenants
- last-four shown in UI; full value never returned
TLS, CSP, HSTS
HTTPS is enforced via force_ssl in production with HSTS preload eligibility (1 year, includeSubDomains). The Content-Security-Policy uses a script-src with nonces and no wildcards, plus frame-ancestors 'none' for clickjacking protection.
- HSTS: max-age=31536000; includeSubDomains; preload
- CSP nonces on every script tag; report-uri active
- Webhooks refuse non-HTTPS and re-resolve at delivery
MFA: TOTP + WebAuthn
Every account can enroll a TOTP authenticator and one or more WebAuthn passkeys. Step-up auth is required for sensitive admin actions (deleting an org, rotating BYOK, viewing the audit export).
- RFC 6238 TOTP, 30-second window, replay-protected
- WebAuthn/FIDO2 passkeys with userVerification: preferred
- Step-up via separate session flag, ~5 min freshness window
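The TOTP check listed above (RFC 6238, 30-second step, replay protection), as an added Ruby example that is not Karta's code. It assumes 6-digit HMAC-SHA1 codes and no clock-drift tolerance; TotpEnrollment, hotp and secure_equal? are hypothetical names, and last_step stands in for a column persisted beside the secret.

```ruby
require "openssl"

STEP = 30    # seconds per time step (assumed to be the page's 30-second window)
DIGITS = 6   # assumed code length

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
def hotp(secret, counter, digits = DIGITS)
  mac = OpenSSL::HMAC.digest("SHA1", secret, [counter].pack("Q>"))
  offset = mac.getbyte(19) & 0x0f
  bin = mac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  format("%0#{digits}d", bin % 10**digits)
end

# Comparison whose running time does not depend on where the strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical enrollment record: the shared secret plus the last accepted step.
class TotpEnrollment
  attr_reader :last_step

  def initialize(secret)
    @secret = secret
    @last_step = -1
  end

  # Accepts a code at most once per time step. A correct code whose step is
  # not newer than the last accepted step is treated as a replay and refused.
  def verify(code, now = Time.now.to_i)
    step = now / STEP
    return false unless code.is_a?(String) && code.match?(/\A\d{#{DIGITS}}\z/)
    return false unless secure_equal?(hotp(@secret, step), code)
    return false if step <= @last_step
    @last_step = step
    true
  end
end
```

In a real deployment the last_step update has to be atomic with the comparison (for example a conditional UPDATE), otherwise two concurrent requests can both accept the same code.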
Audit log
Every key mint, key revoke, login, plan change, and budget event lands in an append-only audit log. Rows are readonly? at the model layer; a Postgres BEFORE UPDATE/DELETE trigger enforces immutability at the database even if a future migration changes app code.
- trigger raises "audit log is append-only" on UPDATE/DELETE
- retained at least 1 year; exportable on request
Rate limits
Rack::Attack with per-IP throttles on login, signup, password-reset, key mint, and checkout. Stripe webhook IP allowlist in production. Public abuse reporting at /abuse.
Sub-processors
Karta contracts these vendors as sub-processors. Sourced from config/sub_processors.yml - updated whenever a new vendor is onboarded.
| Vendor | Purpose | Data processed | Contact-of-record | Location |
|---|---|---|---|---|
| Stripe | Payments and subscription billing | Billing email, last 4 of card, charge amounts | privacy@stripe.com | United States (us-west) |
| Anthropic | LLM inference for non-BYOK requests | Prompt and response payloads proxied through karta-python | privacy@anthropic.com | United States |
| Hetzner Online GmbH | Control plane hosting and primary Postgres (accounts, organizations, billing, audit log) | Primary application database at rest - account, billing, and audit records | data-protection@hetzner.com | United States (Hillsboro, Oregon) |
| AWS (Amazon Web Services) | Data plane - agent session compute (Bedrock AgentCore), durable workspace/merge store (S3), per-session + transcript database (RDS) | Agent session state, workspace and merge artifacts, and hosted-chat transcripts at rest - encrypted with provider-managed keys | aws-privacy@amazon.com | us-east-1 |
| Postmark | Transactional email (confirmation, password reset, abuse reports) | Recipient email address, email body | privacy@postmarkapp.com | United States |
| Sentry | Application error monitoring and performance telemetry | Account/tenant identifiers (organization ID, user ID, role) and server-side error and performance diagnostics attached to exceptions and traces; secret values are scrubbed | privacy@sentry.io | United States |
Compliance
SOC 2 Type I targeting Q4 2026. Annual pen test. Disclose security issues per /.well-known/security.txt or the security policy. Bug bounty alongside Type I.