> ## Documentation Index
> Fetch the complete documentation index at: https://ulpi.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Privacy

> How ULPI.io keeps your documentation secure and isolated

## Our Security Promise

ULPI.io treats your documentation like the sensitive intellectual property it is. We implement multiple layers of security to ensure:

* ✅ Your docs are never visible to other tenants
* ✅ API keys are encrypted and securely stored
* ✅ All communication is encrypted in transit
* ✅ Data is encrypted at rest
* ✅ You can delete your data at any time

## Tenant Isolation

### What is a Tenant?

A **tenant** is your organization's isolated environment in ULPI. When you sign up, we create a tenant that contains:

* Your repositories
* Your documentation
* Your API keys
* Your team members
* Your usage data

Think of it as your own private instance within ULPI.

### How Isolation Works

<Steps>
  <Step title="Separate Collections">
    Each tenant gets a dedicated Typesense collection. Your documentation is physically separated from other users' data.
  </Step>

  <Step title="Database Filtering">
    Every database query automatically includes your tenant ID. It's impossible to accidentally query another tenant's data.
  </Step>

  <Step title="API Key Scoping">
    API keys are tied to exactly one tenant. A key can only access that tenant's documentation - no exceptions.
  </Step>

  <Step title="Application-Level Checks">
    Our code validates tenant ownership at multiple layers, not just at the API boundary.
  </Step>
</Steps>

### Technical Implementation

```php theme={null}
// Every search query includes tenant ID
$results = $searchService->search(
    tenant: $authenticatedTenant,  // ← Enforced by middleware
    query: $query
);

// Typesense collection is tenant-specific
$collection = "tenant_{$tenant->id}_documents";

// Database models auto-scope by tenant
Repository::query()
    ->where('tenant_id', $tenant->id)  // ← Added automatically
    ->get();
```

<Info>
  **For Technical Users**: We use Laravel's Global Scopes to automatically filter all queries by tenant ID. This prevents accidental cross-tenant access even if we write buggy code.
</Info>

## API Key Security

### How Keys Are Stored

1. **Generation**: Keys are generated using cryptographically secure random bytes
2. **Hashing**: Full key is hashed with bcrypt before storage
3. **Storage**: Only the hash is stored, never the plaintext key
4. **Display**: Full key is shown once during creation, then never again

```
Your API key: ulpi_live_abc123def456...     (shown once)
Stored hash:  $2y$10$randomhash...          (stored in database)
```

### Key Validation

When you use an API key:

<Steps>
  <Step title="Extract Key">
    ULPI extracts the Bearer token from your Authorization header
  </Step>

  <Step title="Find Token">
    We look up the token by its prefix for performance
  </Step>

  <Step title="Verify">
    The key is verified against the stored hash using bcrypt
  </Step>

  <Step title="Check Validity">
    We verify the key hasn't expired, been revoked, or exceeded rate limits
  </Step>

  <Step title="Load Tenant">
    The key's associated tenant is loaded and attached to the request
  </Step>
</Steps>

### Key Scopes

Scopes limit what an API key can do:

| Scope            | Permissions                |
| ---------------- | -------------------------- |
| `mcp:search`     | Search documentation       |
| `mcp:get_doc`    | Retrieve full documents    |
| `mcp:list_repos` | List repositories          |
| `repo:read`      | Read repository metadata   |
| `repo:write`     | Modify repository settings |

**Principle of Least Privilege**: Only grant scopes that are absolutely necessary.

<Tip>
  For MCP clients (Claude Desktop, VSCode), only these scopes are needed:

  * `mcp:search`
  * `mcp:get_doc`
  * `mcp:list_repos`
</Tip>

## Data Encryption

### In Transit

All communication with ULPI is encrypted:

* **HTTPS/TLS 1.3** for all API endpoints
* **Strong cipher suites** only (no weak encryption)
* **HSTS headers** to prevent downgrade attacks
* **Certificate pinning** for mobile apps (coming soon)

### At Rest

Your data is encrypted when stored:

* **Database**: AES-256 encryption for sensitive fields
* **File storage**: S3 server-side encryption
* **Backups**: Encrypted before upload
* **Logs**: Sanitized to remove sensitive data

## Authentication

### OAuth 2.0

When you sign up with Google or GitHub:

* We never see your password
* We only request minimal permissions
* You can revoke access anytime
* OAuth tokens are encrypted in our database

### Sanctum Sessions

Frontend API authentication uses Laravel Sanctum:

* HTTP-only cookies (safe from XSS)
* CSRF protection on all mutations
* Session expiration after inactivity
* Device-specific tokens

## Rate Limiting

To protect against abuse, ULPI enforces rate limits:

| Tier       | Rate Limit  | Burst   |
| ---------- | ----------- | ------- |
| Free       | 10 req/min  | 20 req  |
| Pro        | 100 req/min | 200 req |
| Enterprise | Custom      | Custom  |

Rate limits are per API key, not per user, so teams can share keys safely.

## Audit Logging

Every MCP request is logged:

```php theme={null}
MCP Request Log {
  tenant_id: 123
  api_key_id: 456
  tool_name: "search_documentation"
  request_params: { "query": "auth" }
  response_code: 200
  tokens_used: 450
  timestamp: 2025-01-18T10:30:00Z
}
```

You can review logs in the ULPI dashboard to:

* Monitor API key usage
* Detect suspicious activity
* Debug integration issues
* Track token consumption

## Data Privacy

### What We Collect

**We do collect:**

* Documentation content (to index and search)
* Repository metadata (names, URLs, branches)
* Usage statistics (search queries, API calls)
* Account information (email, name from OAuth)

**We never collect:**

* Passwords (we use OAuth only)
* Credit card numbers (handled by Stripe)
* Private keys or credentials from your repos
* Personal data from your documentation

### Data Retention

| Data Type     | Retention                       |
| ------------- | ------------------------------- |
| Documentation | Until you delete the repository |
| API keys      | Until you revoke them           |
| Usage logs    | 90 days                         |
| Account data  | Until you delete your account   |
| Backups       | 30 days                         |

### Data Deletion

You own your data and can delete it anytime:

<Steps>
  <Step title="Delete Repositories">
    Go to Repositories → Remove to stop indexing and delete docs
  </Step>

  <Step title="Revoke API Keys">
    Go to API Keys → Revoke All to invalidate all keys
  </Step>

  <Step title="Delete Account">
    Go to Settings → Delete Account to remove all data
  </Step>
</Steps>

<Warning>
  Account deletion is **permanent** and **immediate**. All data is deleted within 24 hours and cannot be recovered.
</Warning>

## Compliance

ULPI.io is committed to regulatory compliance:

<CardGroup cols={2}>
  <Card title="GDPR Compliant" icon="shield-check">
    Full compliance with EU data protection regulations
  </Card>

  <Card title="CCPA Compliant" icon="scale-balanced">
    California Consumer Privacy Act compliance
  </Card>

  <Card title="SOC 2 Type II" icon="certificate">
    In progress - Expected Q2 2025
  </Card>

  <Card title="ISO 27001" icon="building-shield">
    In progress - Expected Q3 2025
  </Card>
</CardGroup>

### GDPR Rights

Under GDPR, you have the right to:

* **Access** your data (export from dashboard)
* **Rectify** incorrect data (edit in dashboard)
* **Erase** your data (delete account)
* **Port** your data (API export available)
* **Object** to processing (opt-out of analytics)

Email [privacy@ulpi.io](mailto:privacy@ulpi.io) to exercise these rights.

## Security Best Practices

### For Users

<AccordionGroup>
  <Accordion title="Protect Your API Keys">
    * Never commit keys to Git
    * Don't share keys in Slack/Discord
    * Use environment variables
    * Rotate keys every 90 days
    * Use separate keys per environment
  </Accordion>

  <Accordion title="Use Restricted Tokens">
    * Always choose "Restricted" token type
    * Only enable required scopes
    * Set expiration dates
    * Review key usage regularly
  </Accordion>

  <Accordion title="Monitor Usage">
    * Check "Last Used" timestamps
    * Review usage logs for anomalies
    * Set up billing alerts
    * Revoke unused keys
  </Accordion>

  <Accordion title="Secure Your Account">
    * Use strong OAuth password
    * Enable 2FA on GitHub/Google
    * Review authorized applications
    * Use unique email per service
  </Accordion>
</AccordionGroup>

### For Organizations

<AccordionGroup>
  <Accordion title="Access Control">
    * Create separate tenants per team
    * Use role-based access (coming soon)
    * Implement key rotation policy
    * Audit key access quarterly
  </Accordion>

  <Accordion title="Network Security">
    * Whitelist ULPI IPs if possible
    * Use VPN for sensitive work
    * Monitor network traffic
    * Implement DLP policies
  </Accordion>

  <Accordion title="Documentation Hygiene">
    * Don't commit secrets to docs
    * Use `.ulpiignore` for sensitive files
    * Review indexed content regularly
    * Redact before indexing
  </Accordion>
</AccordionGroup>

## Vulnerability Disclosure

Found a security issue? We appreciate responsible disclosure.

### Reporting Process

1. **Email** [security@ulpi.io](mailto:security@ulpi.io) with details
2. **Do not** publicly disclose until we've patched
3. **Include** steps to reproduce
4. **Wait** for our response (within 48 hours)

### Bounty Program

We offer rewards for valid security vulnerabilities:

* **Critical**: $500-$2,000
* **High**: $250-$500
* **Medium**: $100-$250
* **Low**: $50-$100

See [ulpi.io/security](https://ulpi.io/security) for full policy.

## Infrastructure Security

### Cloud Providers

ULPI uses enterprise-grade infrastructure:

* **Primary**: AWS (us-east-1, eu-west-1)
* **Database**: AWS RDS with encryption
* **Search**: Typesense Cloud with isolation
* **CDN**: CloudFlare with DDoS protection

### Network Security

* DDoS mitigation via CloudFlare
* Web Application Firewall (WAF)
* IP-based rate limiting
* Automated threat detection

### Operational Security

* 24/7 monitoring with PagerDuty
* Automated security patching
* Regular penetration testing
* Incident response plan

## Questions?

<CardGroup cols={2}>
  <Card title="Security Concerns" icon="shield" href="mailto:security@ulpi.io">
    Email [security@ulpi.io](mailto:security@ulpi.io)
  </Card>

  <Card title="Privacy Questions" icon="user-lock" href="mailto:privacy@ulpi.io">
    Email [privacy@ulpi.io](mailto:privacy@ulpi.io)
  </Card>
</CardGroup>

Last updated: January 2025