Security

Tork Chat is built on enterprise-grade security foundations. Every conversation is governed, encrypted, and audited.

AES-256-GCM EncryptedTLS 1.3SOC 2 Audit LogWCAG 2.1 AAGDPR Ready

Tork Govern — PII Scanning

Every inbound and outbound message passes through the Tork Govern L3/L6 pipeline before being stored or returned to the user. The pipeline detects and optionally redacts personally identifiable information including:

Full name, email, phone number
National ID / passport numbers
Credit card and bank account numbers
Home addresses and GPS coordinates
Medical record identifiers

Detection results are stored in chat_receipts with a boolean pii_detected flag. Admins see counts in the Dashboard → Governance panel.

AES-256-GCM Encryption

All data is encrypted at rest using AES-256-GCM and in transit using TLS 1.3. Encryption keys are rotated quarterly and managed via a dedicated key management service.

DatabaseAES-256-GCM at rest (Supabase)

NetworkTLS 1.3 (HSTS enforced)

Governance receiptsSHA-256 cryptographic hash

Vector embeddingsEncrypted in Supabase pgvector

Multi-Factor Authentication (MFA)

Tork Chat supports TOTP-based MFA (compatible with Google Authenticator, Authy, 1Password, etc.). Organisation admins can enforce MFA for all users on Pro+ plans.

Enrol MFAAdmin Portal → Settings → Security → Enable MFA

Backup codes10 single-use codes generated on enrolment

Enforce for orgSettings → Security → Require MFA (Pro+)

Bypass policyAdmins can issue temporary exemptions for recovery

SOC 2 Audit Logging

Every significant action — login, configuration change, document upload, role change — is recorded in an append-only audit log accessible in the Admin Portal under Audit Log.

Chat governance receipts are separately stored in chat_receipts and include the SHA-256 hash of the conversation content, enabling tamper-detection. Receipts are accessible via /verify/{tenant-slug}.

Rate Limiting

API requests are rate-limited per tenant on a rolling 60-second window. Limits are enforced at the edge before any database or LLM call is made, protecting against abuse and runaway costs.

See API Reference → Rate limits for limits per plan.

Topic Guard

Topic Guard prevents the chatbot from engaging with off-topic or harmful requests. Admins configure allowed and blocked topics in Widget Config → Topic Guard.

When a message is blocked, the API returns 451 Unavailable For Legal Reasons and the governance receipt records escalated: true.

Examples of blocked patterns: competitor mentions, medical advice, legal advice, hate speech, jailbreak prompts.

WCAG 2.1 AA Accessibility

The Tork Chat widget and Admin Portal are tested against WCAG 2.1 Level AA. Key compliance features:

Keyboard navigation — full tab order, visible focus rings
Screen reader support — ARIA labels, live regions for new messages
Colour contrast — minimum 4.5:1 on all text
Reduced motion — respects prefers-reduced-motion
Touch targets — minimum 48 × 48 px on mobile

Data Residency

Tork Chat is hosted on Supabase (primary region: AWS ap-southeast-2, Sydney) and Vercel (edge network). Data at rest is stored in Sydney by default.

Data at restAWS ap-southeast-2 (Sydney, Australia)

Edge computeVercel global edge network

LLM inferenceTork Chat Engine (Railway, EU / US)

GDPRData Processing Agreement available on Enterprise plan

Responsible disclosure

If you discover a security vulnerability, please report it to security@tork.network. We acknowledge all reports within 48 hours and aim to patch critical issues within 7 days. We do not pursue legal action against researchers who act in good faith.