Security policy

Security

Report suspected TekConnect security issues to [email protected].

Do Not Send Secrets

Do not include Tekmetric credentials, session cookies, bearer tokens, customer personal data, or shop secrets in reports. Use [REDACTED] for sensitive values.

Current Security Scope

The current scope is a private AuthHub beta with OAuth token validation, tenant isolation, customer-authorized connector capture, lifecycle endpoints, and read-only MCP tools.

Out Of Scope For The Beta

Tekmetric password collection, browser-network interception, public logging of session artifacts, and write-capable Tekmetric tools are not implemented.