WorkOS authentication
All sign-in flows run through WorkOS AuthKit — an enterprise-grade identity platform. KimiShip never stores or handles passwords directly. Sessions are short-lived, signed JWTs; the remote MCP connector validates every request against your session token before executing any tool.
Owner-scoped data
Every draft, brand profile, and content idea is tagged with your owner ID from the moment it is created. All database queries enforce this scope at the query layer — no cross-tenant reads are possible by design. Postgres row-level security provides a second enforcement layer on top of application logic.
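An added sketch of the two-layer pattern described above, not KimiShip's own schema or code: the `drafts` table, its columns, the `app_user` role, and the `app.owner_id` setting are all assumed names chosen for illustration.

```sql
-- Hypothetical schema; every identifier here is an assumption.
CREATE TABLE drafts (
    id        bigserial PRIMARY KEY,
    -- Reject empty owner IDs: a custom setting that was set locally in an
    -- earlier transaction reads back as '' (not NULL) on a reused connection.
    owner_id  text NOT NULL CHECK (owner_id <> ''),
    title     text NOT NULL,
    body      text NOT NULL
);

-- Turn RLS on, and FORCE it so the table owner is subject to it as well.
-- Superusers and roles with BYPASSRLS still skip policies.
ALTER TABLE drafts ENABLE ROW LEVEL SECURITY;
ALTER TABLE drafts FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when the setting is absent, so a
-- connection that never declared an owner matches no rows (fails closed).
CREATE POLICY drafts_owner_scope ON drafts
    USING      (owner_id = current_setting('app.owner_id', true))
    WITH CHECK (owner_id = current_setting('app.owner_id', true));

-- The application runs as a role that is neither superuser nor BYPASSRLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON drafts TO app_user;
GRANT USAGE ON SEQUENCE drafts_id_seq TO app_user;

-- Per request. The third argument of set_config (is_local = true) limits the
-- value to this transaction, so it cannot leak to the next user of a pooled
-- connection.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.owner_id', 'owner_A', true);

INSERT INTO drafts (owner_id, title, body)
VALUES ('owner_A', 'Launch post', 'constructed sample body');

-- Layer 1: the application query filters on the owner explicitly.
SELECT id, title FROM drafts WHERE owner_id = 'owner_A';

-- Layer 2: a query that forgot the filter still returns only owner_A's rows.
SELECT id, title FROM drafts;

-- A write for another owner fails the WITH CHECK clause and raises an error:
-- INSERT INTO drafts (owner_id, title, body) VALUES ('owner_B', 'x', 'y');
COMMIT;
```

To review an existing deployment, `SELECT relname, relrowsecurity, relforcerowsecurity FROM pg_class` shows which tables have RLS enabled and forced, and `pg_policies` lists the policies attached to them.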
Audit log
Every write action (create draft, update status, approve, export) is recorded in an append-only audit log. The log stores what happened and who triggered it — never the draft body or brand copy. You can verify what changed in your workspace without exposing content to the audit trail.
No text LLM API of its own
KimiShip does not call any text generation model on your behalf. Claude is the only writer — running in your own Claude.ai session, under your own account. KimiShip receives only the structured outputs you choose to save. Your words never flow through a third-party AI API that KimiShip controls.
Optional OpenAI images
If you enable image generation, KimiShip uses your own OpenAI API key only for confirmed image requests. The MVP sends the image prompt, technical generation options, and a pseudonymous user value to OpenAI; it does not send draft bodies, brand examples, social tokens, logos, fonts, or reference images. Generated images are stored back in KimiShip's image store.
Transport security
All traffic between Claude and the KimiShip MCP server is over HTTPS. The remote MCP endpoint uses OAuth 2.1 with PKCE for authorisation, together with resource indicators (RFC 8707) and protected resource metadata (RFC 9728). Connector tokens are short-lived and scoped to the authenticated user. The connector is hosted on Railway with TLS termination at the edge.
Infrastructure
The KimiShip app and MCP connector run on Railway (EU region). The database is Neon Postgres with connection pooling. The public website is a static Astro build served from Cloudflare Pages — it has no connection to the app runtime, the database, or the MCP server.