Security & Trust
How Donutwork protects customer operations, API access, automation, and platform data.
Security & Trust
Donutwork is an API-first operating core for billing, workflow, partners, integrations, and SaaS operations. That means security is not a separate feature: it has to be present in authentication, API access, automation, background workers, and operational recovery.
This page summarizes the controls Donutwork uses today and the assurance package available for customer review. It does not claim formal certifications that are not yet completed.
Assurance Posture
- Control-oriented platform: security controls are designed around tenant isolation, scoped API access, workflow traceability, and operational logging.
- Certification status: formal certifications are not claimed here unless explicitly listed in a signed customer agreement.
- Review model: security reviews can be supported with architecture notes, API permission maps, operational runbooks, and environment-specific subprocessor details.
- Customer commitments: contractual uptime, support, data processing, and security commitments are governed by the applicable order form or agreement.
Core Controls
Tenant & Session Controls
Company-scoped routes, membership checks, idle timeout, OTP flows, and optional passkey-based delegated MFA.
Scoped API Access
Bearer authentication, OAuth scopes, route-level ACL, rate-limit headers, and explicit insufficient-scope responses.
Workflow Governance
Approval gates, retries, wait states, dead-letter handling, and trace records for event-driven operations.
Operational Traceability
Request IDs, workflow traces, structured operational logs, and triage paths for recurring billing, scheduler, and workflow flows.
Data Boundaries
MongoDB-backed company data, Redis/Memcached coordination, queue-based async work, and scoped access to business records.
Secret Handling
Runtime configuration is kept outside public documentation, and customer-facing materials avoid exposing credentials or sensitive config.
Platform Areas Covered
| Area | What Donutwork Controls |
|---|---|
| Web app access | Session validation, company membership checks, OTP enforcement, safe post-login redirects. |
| Public API | Bearer tokens, OAuth scope canonicalization, ACL checks, rate-limit headers, request IDs. |
| Billing operations | Charge state transitions, recurring renewal safeguards, structured logs for enqueue and renewal paths. |
| Workflow automation | Approval gates, retries, waiting states, dead-letter records, trace visibility. |
| Email and content | Template path safety, preflight reporting, suppression-list handling, sensitive customer-field filtering. |
| Partner operations | Partner group rules, payout status constraints, recruitment anti-duplicate checks. |
| Media and files | Filename safety, MIME validation for image uploads, size and pixel limits, server-side re-encoding. |
Data Handling
Donutwork stores operational records in MongoDB and uses Redis, Memcached, and Beanstalkd for cache, coordination, and async work. Email delivery, payments, mobile push, and selected external operations may rely on configured providers such as SMTP/PHPMailer, Stripe, PayPal, and APNS depending on the customer environment.
Customer-specific deployment details, subprocessors, retention settings, backup practices, and data residency expectations should be confirmed during onboarding or vendor review because they can vary by environment and contract.
Incident & Vulnerability Intake
If you suspect a vulnerability or operational incident:
- Contact your Donutwork support or account channel.
- Include the affected tenant, endpoint, request ID, approximate timestamp, and reproduction steps.
- Do not include plaintext secrets, private keys, passwords, or customer personal data unless a secure exchange path has been agreed.
Security reports are triaged by severity and routed to the relevant platform owner. Customer-facing notifications are handled according to the applicable agreement and incident impact.
Internal Reliability Targets
Donutwork tracks internal SLOs for API availability, API latency, workflow execution delay, queue health, recurring billing completion, webhook delivery, and incident response. These internal targets are used for engineering operations and do not replace customer-specific contractual SLAs.
Vendor Review Package
For enterprise evaluation, Donutwork can provide a review package covering:
- platform architecture and data-flow overview;
- API authentication and OAuth scope model;
- security control summary;
- operational SLO summary;
- incident response workflow;
- environment-specific subprocessor list when applicable;
- support and escalation model.