DocKosha
Security

Security controls for secure document sharing

DocKosha combines infrastructure-level safeguards with practical room controls like watermarking, gating, download restrictions, and auditability. This page describes what is implemented today.

Book a walkthroughExplore features

Security controls at a glance

This page is a plain-English overview for customer security reviewers. If you need specifics for a questionnaire, contact us.

Baseline

Encryption in transit & at rest

Data is encrypted in transit with TLS and at rest with AES-256 on Supabase-managed infrastructure.
Access

Authentication

Passwordless magic links and Google OAuth via Supabase Auth. Session handling is server-assisted for safer public-room and document-access flows.
RBAC

Role-based access control

Workspace roles (owner/editor/viewer) and workspace-scoped permissions help prevent accidental over-sharing.
Database

Row Level Security (RLS)

Database policies enforce workspace scoping and role-aware permissions, so users only see what they’re allowed to access.
Links

Secure sharing controls

Link controls like access gating, allowlists and blocklists, expirations, NDA templates, presets, and download restrictions help teams share sensitive material with less risk.
Audit

Internal audit logs

Internal audit logs help workspace owners understand team activity across documents and data rooms.
Deterrence

Dynamic watermarking

Watermarks add accountability during viewing and downloads, reducing the risk of casual leaks or forwarding.
Privacy

Privacy-first analytics

Engagement signals help teams understand what was viewed without defaulting to unnecessary personal data collection.
Ops

Operational monitoring

Production monitoring via Sentry helps detect errors and performance regressions quickly without exposing secrets to the client.

How DocKosha approaches security

We treat secure sharing as a product capability, not a marketing checkbox. Encryption matters, but practical risk reduction depends on whether policy is enforced at room, link, folder, and document levels.

Policy controls for live sharing

DocKosha focuses on controls that still matter after a room goes live:

  • Link-level permissions for view and download behavior
  • Gating like verification, allowlists or blocklists, and NDA terms
  • Expiration and revocable access patterns
  • Watermarking for accountability and deterrence

Privacy and analytics boundaries

Teams often need to know what was opened, revisited, or downloaded. Viewer analytics are designed to surface those signals while minimizing sensitive data collection.

  • We avoid storing raw IP addresses
  • Identity is collected only when link settings require it
  • Events focus on viewing, downloads, and time spent
  • PostHog product analytics and replay stay off until consent is granted

What this means in practice

In plain English: DocKosha helps teams control who can open sensitive materials, what they can do after opening them, and what activity internal users can review later.

  • Use gated access for contracts, financials, and other sensitive files
  • Apply watermarking when documents move outside the firm
  • Review audit logs and analytics to support internal follow-up

Claims we do not make

We keep this page explicit so buyers can verify controls quickly.

  • We describe TLS in transit and AES-256 at rest on Supabase-managed infrastructure.
  • We do not claim SOC 2, ISO, HIPAA, or specific CSP/HSTS hardening status on this page.
  • We can provide implementation details for current controls through security review conversations.

Reporting a vulnerability

If you believe you’ve found a security issue, email us with steps to reproduce and any relevant logs or screenshots.

Email supportPlease avoid sharing sensitive customer data in the initial report.