Security at OINK
OINK is an MVP beta. Security controls are being built, reviewed, and improved as the product grows. This page summarises the public security posture without publishing operational details.
Current posture
OINK uses layered controls for account access, session protection, private data handling, application hardening, and production operations. The service is not currently certified against SOC 2, ISO 27001, PCI DSS, or similar formal assurance frameworks.
Our security work is guided by practical industry standards and principles, including recognised web application security risks, least-privilege access, privacy-by-design, data minimisation, and documented operational review.
Account security
OINK supports account protections intended to reduce account takeover risk and help users notice unexpected access. Signed-in users can manage available security settings from their profile.
Application and data controls
Private account, planner, run, event, and profile data is protected by application-level access controls. Sensitive integration credentials are treated as confidential, and operational records are retained only for limited service, security, legal, and integrity purposes.
Hosting and edge security
OINK runs on managed production infrastructure with controlled deployment, managed data storage, encrypted transport, and edge protections. We keep public infrastructure details high level so this page is useful without publishing operational configuration.
Operational controls
OINK maintains internal operational security procedures for production resilience, access review, secret handling, dependency review, and incident response.
These procedures are documented internally because they include operational detail that should not be published, such as provider configuration, access paths, evidence records, and incident handling notes.
AI, integrations, and third parties
Some OINK features use third-party providers for hosting, email delivery, analytics, AI processing, payments, and optional integrations. The privacy notice explains the main provider categories and data sharing purposes.
AI planner features are optional planning support only. Avoid entering unnecessary sensitive information, and do not rely on AI output as medical, coaching, legal, safety, or emergency advice. See the terms for the full AI and outdoor safety disclaimer.
Standards alignment
OINK's current posture is best described as standards-informed rather than independently certified. We aim to align with recognised web application security and privacy practices, including OWASP risk categories and GDPR principles such as transparency, data minimisation, purpose limitation, security, retention control, and user rights.
We avoid claiming formal certification until the relevant operational evidence, audit process, and ongoing controls are in place.
Responsible disclosure
To report a security or privacy concern, use the support form or email enquire@kekeno.tech. Please include enough detail for us to understand and reproduce the issue.
Please act in good faith: do not access, modify, delete, retain, or disclose other people's data; do not disrupt OINK or third-party services; do not attempt social engineering, spam, denial-of-service, or physical attacks; and stop testing once you have enough information to make a report.
We do not currently operate a paid bug bounty programme. We aim to review good-faith reports and prioritise fixes based on severity, exploitability, affected users, and operational risk.
Account safety reminders
You can help protect your account by using a strong, unique password for OINK, not reusing passwords from other services, not sharing your password or login codes, and enabling two-factor authentication from profile settings.
OINK will never ask you to send us your password or authenticator code by email or support message.
Changes
This page may be updated as OINK's controls, hosting setup, providers, or assurance posture changes.
Last updated: 10 June 2026.