Security
Your processes, protected
Skills, processes, and usage logs are some of the most sensitive artifacts in an organization. Koinoflow is built on the principle that governance only works when the underlying platform is secure by default, including which agents can access which skills.
Need a DPA, deployment summary, or managed-service security document? [email protected]
How we protect your data
Open source and auditable
Koinoflow is open source, so you can inspect the code, review the deployment model, and decide whether to self-host or use managed hosting from audited source.
Connectors with bounded scope
Capture is rolling out incrementally. The repo currently covers Confluence connector work; additional document sources should be treated as roadmap or private preview until confirmed for your deployment.
Separate identities for people and agents
People and automated workers do not share the same access path. Admins can scope which skills each agent can use and rotate access without changing agent code.
Self-host or private deployment
Self-hosting puts Koinoflow on your own infrastructure and under your own security controls. Managed deployments can also be scoped for private environments and regional requirements.
Governance trail
Version history, named ownership, review cadences, selected-agent deployments, and usage analytics give teams a traceable record of what changed and what each agent consumed.
Managed-service documents on request
DPA terms, subprocessor details, deletion handling, and other managed-service security documents should be requested directly from Visionect so you get the current commitments rather than stale marketing copy.
Compliance & commitments
Where we stand
We believe in being explicit about what's live, what's in progress, and what we share on request.
Source code
Public
The product is open source, so security review can start from code you can inspect instead of a black-box questionnaire.
Self-hosting
Available
You can run Koinoflow on your own infrastructure and apply your own storage, network, encryption, and IAM controls.
Managed hosting docs
On request
Visionect can share the current DPA, subprocessor information, and hosted-environment details during procurement or security review.
Identity requirements
Deployment-specific
Google and GitHub OAuth are documented in the repo today. Enterprise IAM requirements should be confirmed explicitly for your environment.
Agent access
Included
Agent identities, selected-agent skill deployments, activation controls, and rotation workflows keep automated workers separate from human users.
Region and residency
Deployment-specific
Data location depends on where you self-host or what region is agreed for a managed deployment.
Commercial support terms
Contract-specific
SLAs, support response targets, and incident-notification commitments for managed hosting are commercial terms, not OSS product features.
Report a security issue
We want to hear from you
Koinoflow is open source, so you can also audit the code yourself on GitHub. If you believe you've discovered a security vulnerability, please report it confidentially to [email protected]. We acknowledge all reports within 2 business days. Please do not test against customer workspaces other than your own.
Have a procurement or security question?
Audit the source on GitHub, or talk to Visionect about managed hosting and current security documents for the environment you want to run.
Open source (MIT) · free to self-host · managed hosting by Visionect