Security policy

Security

Report suspected TekConnect security issues to security@tekconnect.app.

Do Not Send Secrets

Do not include Tekmetric credentials, session cookies, bearer tokens, customer personal data, or shop secrets in reports. Use [REDACTED] for sensitive values.

Current Security Scope

The current scope is a private mock-data vertical slice with OAuth token validation, tenant isolation, browser companion payload validation, lifecycle endpoints, and read-only MCP tools.

Out Of Scope For The Mock Slice

Production Tekmetric extraction, scraping, browser-network interception, credential collection, and write-capable tools are not implemented.