Security

Last updated: 2026-04-19

We treat security seriously because we're asking you to connect a bot to your community. Here's what we do, what we use, and how to reach us if you find an issue.

Security Posture

Infrastructure

  • Hosting: Vercel with TLS 1.3, HSTS, automatic SSL renewal.
  • Database: Neon PostgreSQL with encryption at rest (AES-256) and in transit (TLS).
  • Payments: Stripe (PCI DSS Level 1). We never see card numbers — only customer IDs and session IDs for reconciliation.
  • AI: Anthropic API over HTTPS. Claude Sonnet 4 with server-side rate limiting.
  • Secrets: Stored exclusively in Vercel encrypted environment variables. Never in code, never in client bundles.

Authentication

  • Sessions: HttpOnly, Secure, SameSite=Strict cookies. 30-day expiry.
  • Discord OAuth: CSRF state parameter validated on callback. No auto-linking by email to prevent takeover attacks.
  • Session tokens: 32-byte cryptographically random values, hashed in database lookups.

Application layer

  • Input validation: Zod schemas on every API route. No raw database writes.
  • XSS: All rendered markdown sanitized with DOMPurify before display.
  • SQL injection: Impossible — Prisma ORM with parameterized queries everywhere.
  • Prompt injection: User input wrapped in <server_context> tags with explicit model instructions to treat it as untrusted reference data.
  • Rate limiting: Per-IP limits on expensive endpoints:
    • AI preview: 5 per 10 minutes
    • Full generation: 3 per hour
    • Discord API scan: 10 per 5 minutes
  • Stripe webhooks: Signature verified + idempotency guard on every event.
  • Discord invite validation: Strict URL parser, host allowlist (discord.gg, discord.com). Rejects anything else.
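
One way to implement the invite check from the list above, as an added example that is not this service's own code. The two allowlisted hosts come from the page; the function name, the https-only rule, the accepted path shapes and the invite-code character set are assumptions, and the sample URLs are constructed.

```typescript
// Added example. Hosts are from the page; everything else is assumed.
const ALLOWED_HOSTS = new Set(["discord.gg", "discord.com"]);
const INVITE_CODE = /^[A-Za-z0-9-]{2,32}$/; // assumed code format

type InviteResult =
  | { ok: true; code: string }
  | { ok: false; reason: string };

const reject = (reason: string): InviteResult => ({ ok: false, reason });

function parseDiscordInvite(input: string): InviteResult {
  let url: URL;
  try {
    // Parse with the WHATWG URL parser instead of matching the raw string.
    url = new URL(input.trim());
  } catch {
    return reject("not-a-url");
  }
  if (url.protocol !== "https:") return reject("scheme");
  // Userinfo can make a foreign host look allowlisted at a glance.
  if (url.username !== "" || url.password !== "") return reject("userinfo");
  if (url.port !== "") return reject("port");
  // Exact match on the parsed hostname (already lowercased by the parser),
  // never a substring or suffix test.
  if (!ALLOWED_HOSTS.has(url.hostname)) return reject("host");
  // Assumed shapes: discord.gg/<code> and discord.com/invite/<code>.
  const prefix = url.hostname === "discord.gg" ? "/" : "/invite/";
  if (!url.pathname.startsWith(prefix)) return reject("path");
  const code = url.pathname.slice(prefix.length);
  if (!INVITE_CODE.test(code)) return reject("path");
  // Return only the code so callers rebuild the URL themselves.
  return { ok: true, code };
}

// Constructed sample inputs covering the accept and reject paths.
const samples = [
  "https://discord.gg/abc123",
  " https://DISCORD.COM/invite/Xy-9 ",
  "https://discord.gg.evil.example/abc123",
  "https://discord.gg@evil.example/abc123",
  "http://discord.gg/abc123",
  "https://discord.com/api/abc123",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(parseDiscordInvite(s)));
}
```

Returning the bare invite code, rather than echoing the submitted URL, keeps query strings and fragments from the input out of anything built later.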

Discord bot

  • Minimal permissions: We request only what's needed. Full breakdown at /bot-permissions.
  • No message content intent: Bot cannot see messages.
  • No member intent: Bot doesn't track or cache member data.
  • Idempotent operations: Re-running install never duplicates or corrupts.
  • No background tasks: Bot only acts when you click a button.

Automated Testing

Every deploy runs:

  • 63 Jest tests covering document generation, AI fallback, input validation, markdown rendering.
  • TypeScript strict mode — no implicit any, no untyped boundaries.
  • Next.js build validation — fails on broken imports, bad routes, or invalid metadata.

Data Handling

  • Encryption: TLS 1.3 in transit, AES-256 at rest.
  • Minimal collection: We only store what we need to deliver the product. See /privacy for the full list.
  • No training on your data: Per Discord Developer Policy, we never use your data to train AI models.
  • Right to delete: One email removes everything. See /data-deletion.

Responsible Disclosure

Found a vulnerability? Please report it to ops@keepgrid.net. Include:

  • Steps to reproduce
  • Impact / affected endpoints
  • Your contact info (so we can credit you if you want)

We'll respond within 24 hours and work with you on coordinated disclosure. Please don't disclose publicly until we've had a chance to fix the issue.

What You Should Do

  • Use a dedicated Discord account if you're setting up a server for a client.
  • Review bot permissions after install and remove anything you don't need going forward.
  • Keep your Discord OAuth session secure: don't share your screen while your dashboard is open.
  • Report anything suspicious immediately to the contact above.

Past Incidents

None. If any incident occurs, we will publish details on /status and /changelog within 72 hours.

Compliance

  • GDPR: data portability, deletion, and rectification supported.
  • CCPA: California privacy rights honored.
  • Discord Developer Policy: compliant. We never scrape, store message content, or use Discord data for AI training.
  • Stripe: PCI DSS Level 1 via hosted checkout — we don't handle cards directly.

Contact

Security team: ops@keepgrid.net.