Security
Last updated July 4, 2026
Plain answers for the person at your agency who asks. We claim only what's true today — no badge-wall.
Access
- The platform is invite-only. An admin at your agency controls who's on the member list, their role, and their usage caps — and can disable an account instantly.
- Sign-in is a six-digit email code (WorkOS) — no passwords to leak or reuse.
Isolation & audit
- Each agency is a separate workspace; files never cross tenant lines.
- Every data pull, AI call, report run, and download is logged per file. "Where did this number come from" always has an answer.
- Share links are expiring, revocable tokens — no login required for the recipient, no edit access ever.
Data handling
- No payment card data exists anywhere in the system — the product is free.
- Demographic and neighborhood signals are firewalled: displayed for context at most, never used to gate a verdict.
- Rating payloads are pseudonymized and linted for personally identifying information before they leave the platform.
Reporting a vulnerability
Email team@kodarisk.com (see security.txt). We read every report and respond quickly.