Donutwork Docs
Security & Trust

Security & Trust

How Donutwork protects customer operations, API access, automation, and platform data.

Security & Trust

Donutwork is an API-first operating core for billing, workflow, partners, integrations, and SaaS operations. That means security is not a separate feature: it has to be present in authentication, API access, automation, background workers, and operational recovery.

This page summarizes the controls Donutwork uses today and the assurance package available for customer review. It does not claim formal certifications that are not yet completed.

Assurance Posture

  • Control-oriented platform: security controls are designed around tenant isolation, scoped API access, workflow traceability, and operational logging.
  • Certification status: formal certifications are not claimed here unless explicitly listed in a signed customer agreement.
  • Review model: security reviews can be supported with architecture notes, API permission maps, operational runbooks, and environment-specific subprocessor details.
  • Customer commitments: contractual uptime, support, data processing, and security commitments are governed by the applicable order form or agreement.

Core Controls

Tenant & Session Controls

Company-scoped routes, membership checks, idle timeout, OTP flows, and optional passkey-based delegated MFA.

Scoped API Access

Bearer authentication, OAuth scopes, route-level ACL, rate-limit headers, and explicit insufficient-scope responses.

Workflow Governance

Approval gates, retries, wait states, dead-letter handling, and trace records for event-driven operations.

Operational Traceability

Request IDs, workflow traces, structured operational logs, and triage paths for recurring billing, scheduler, and workflow flows.

Data Boundaries

MongoDB-backed company data, Redis/Memcached coordination, queue-based async work, and scoped access to business records.

Secret Handling

Runtime configuration is kept outside public documentation, and customer-facing materials avoid exposing credentials or sensitive config.

Platform Areas Covered

AreaWhat Donutwork Controls
Web app accessSession validation, company membership checks, OTP enforcement, safe post-login redirects.
Public APIBearer tokens, OAuth scope canonicalization, ACL checks, rate-limit headers, request IDs.
Billing operationsCharge state transitions, recurring renewal safeguards, structured logs for enqueue and renewal paths.
Workflow automationApproval gates, retries, waiting states, dead-letter records, trace visibility.
Email and contentTemplate path safety, preflight reporting, suppression-list handling, sensitive customer-field filtering.
Partner operationsPartner group rules, payout status constraints, recruitment anti-duplicate checks.
Media and filesFilename safety, MIME validation for image uploads, size and pixel limits, server-side re-encoding.

Data Handling

Donutwork stores operational records in MongoDB and uses Redis, Memcached, and Beanstalkd for cache, coordination, and async work. Email delivery, payments, mobile push, and selected external operations may rely on configured providers such as SMTP/PHPMailer, Stripe, PayPal, and APNS depending on the customer environment.

Customer-specific deployment details, subprocessors, retention settings, backup practices, and data residency expectations should be confirmed during onboarding or vendor review because they can vary by environment and contract.

Incident & Vulnerability Intake

If you suspect a vulnerability or operational incident:

  1. Contact your Donutwork support or account channel.
  2. Include the affected tenant, endpoint, request ID, approximate timestamp, and reproduction steps.
  3. Do not include plaintext secrets, private keys, passwords, or customer personal data unless a secure exchange path has been agreed.

Security reports are triaged by severity and routed to the relevant platform owner. Customer-facing notifications are handled according to the applicable agreement and incident impact.

Internal Reliability Targets

Donutwork tracks internal SLOs for API availability, API latency, workflow execution delay, queue health, recurring billing completion, webhook delivery, and incident response. These internal targets are used for engineering operations and do not replace customer-specific contractual SLAs.

Vendor Review Package

For enterprise evaluation, Donutwork can provide a review package covering:

  • platform architecture and data-flow overview;
  • API authentication and OAuth scope model;
  • security control summary;
  • operational SLO summary;
  • incident response workflow;
  • environment-specific subprocessor list when applicable;
  • support and escalation model.

On this page