Security

Security posture for a focused v0.1 API.

VeracityAPI keeps the security surface deliberately small: Cloudflare Worker, D1, bearer API keys, privacy-safe media logging, request IDs, and explicit non-forensic limitations.

Controls in place

Bearer API keys; keep them server-side.
Default no raw text retention via privacy-safe defaults.
No persisted raw media bytes/base64/full media URLs.
Security headers and restricted browser CORS.
Public /.well-known/security.txt for disclosure contact.

Responsible disclosure

Email security reports to security@veracityapi.com. Include reproduction steps, affected endpoint, impact, and whether any data was accessed. Do not attack customer data or disrupt service.

Not yet claimed

No SOC 2, formal bug bounty, external pentest, enterprise SLA, or DPA is claimed for v0.1 unless separately agreed in writing.

Internal links

Explore VeracityAPI

What VeracityAPI detects

Map text slop, image forgery, audio, and workflow-risk signals to routing actions.

Error handling

Production retry, billing, auth, and validation behavior for agent integrations.

Copy-paste examples

Drop-in wrappers for LangChain, queues, cron jobs, and moderation pipelines.

MCP tools

Expose VeracityAPI to Claude Desktop, Cursor, Claude.ai connectors, and compatible clients.