Security

Launch security and trust posture

Launch scope

Kontovu is launching as a US-only finance workspace with review-first bookkeeping, budgeting, receipt and screenshot capture, Stripe ingestion, forwarded email import, CSV exports, and workspace-level audit controls.

Security controls

The launch build uses isolated kontovu_* tables, hardened upload validation, signed webhook verification, origin checks on write routes, browser security headers, and admin MFA enforcement when the production flag is enabled.

What we do not claim

We do not market bank-feed coverage, SOC 2 certification, or fully automated ledger posting as part of this launch. Those are future milestones, not current promises.

Operator readiness

Workspace owners can inspect billing posture, webhook health, failed jobs, security events, and exportable audit history directly inside settings before inviting a wider team.