{"name":"The Leo King Business Intelligence API Security Packet","version":"v1","status":"public-contract","contractVersion":"2026-07-07.enterprise-trust-console-audit-webhook-versioning-limits-examples-support-procurement-conformance-data-processing-launch-readiness-access-control-compliance-map-ai-governance-v1","lastReviewedAt":"2026-07-07","scope":"Public security, trust, data handling, and enterprise review metadata. This is not a substitute for signed customer-specific terms.","controls":[{"name":"Server-Side API Keys","status":"live","scope":"API keys are accepted only through the `x-api-key` header on server-to-server requests.","partnerExpectation":"Store keys in a backend secret manager or server env. Never ship keys in browser, mobile, or client-side code.","evidence":"Auth middleware rejects missing or invalid keys and public docs show backend-only usage examples."},{"name":"Dedicated HTTPS Gateway","status":"live","scope":"Production clients use `https://api.theleokingai.com` with clean `/v1/*` routing.","partnerExpectation":"Pin production clients to the dedicated gateway and keep the legacy website host only for alpha compatibility.","evidence":"Gateway DNS, OpenAPI servers, Postman baseUrl, SDK defaults, and gateway smoke all target the dedicated host."},{"name":"Scoped Endpoint Access","status":"beta","scope":"Keys can be limited by endpoint, plan, lane, and monthly credit state.","partnerExpectation":"Request only the lanes and endpoints needed for the customer workflow.","evidence":"API-key validation checks endpoint scope, organization status, key status, and credit limit before paid route execution."},{"name":"Retry-Safe Usage Records","status":"beta","scope":"Idempotency-Key and request_id preserve billing and support traceability.","partnerExpectation":"Send stable idempotency keys for retries and include request_id in support tickets.","evidence":"Buyer-path smoke verifies live response usage and Convex `usageEvents` rows by exact request_id."},{"name":"No Fallback Success For AI Output","status":"live","scope":"Fallback-looking or incomplete AI output is a failed product response, not a successful billable response.","partnerExpectation":"Treat `INVALID_RESPONSE` or `UPSTREAM_FAILED` as retry/escalation conditions instead of rendering degraded content.","evidence":"Quality checks fail fallback phrases, missing sections, malformed schemas, and local path leaks before success."},{"name":"Data Minimization","status":"live","scope":"API payloads should use customer ids and birth data required for the selected endpoint.","partnerExpectation":"Avoid sending names, payment data, unrelated profile fields, or freeform PII unless a route explicitly requires it.","evidence":"Docs and trust page publish the collection boundary; request schemas keep required fields narrow."},{"name":"Rate Limits And Abuse Guard","status":"beta","scope":"Production mode enforces rate limits through Upstash or Vercel marketplace Redis aliases.","partnerExpectation":"Use backoff on 429 responses and coordinate enterprise limits before load tests.","evidence":"Production env gate requires `API_RATE_LIMIT_MODE=enforce` and Redis credentials for remote production traffic."},{"name":"Enterprise Security Review","status":"enterprise","scope":"Private DPA, custom retention terms, IP allowlists, signed audit export packages, and dedicated incident contacts.","partnerExpectation":"Request contract review before regulated, high-volume, or custom-data deployments.","evidence":"Public security packet identifies current controls, console audit visibility, and remaining signed-contract work without exposing secret config."}],"dataRetention":[{"category":"API Request Metadata","status":"beta","retention":"Usage ledger retains request_id, endpoint, lane, credits, billable units, model metadata, and timestamps for billing/support reconciliation.","handling":"Do not include full secrets or raw payloads in support tickets; provide request_id and sanitized payload shape."},{"category":"Birth Data Payloads","status":"live","retention":"Processed for deterministic chart calculation and model context; persistent storage is limited to endpoint-specific product records when required.","handling":"Use customer ids and only the birth fields needed for the route. Avoid names and unrelated personal profile data."},{"category":"Generated AI Outputs","status":"beta","retention":"Outputs may be retained where needed for async jobs, quality review, support, or partner-visible history.","handling":"AI output must meet the same product contract after retries; fallback-shaped output should be escalated as a quality incident."},{"category":"Billing And Entitlement Records","status":"beta","retention":"Plan state, credit balances, subscription state, and usage counters are retained for billing operations.","handling":"Payment instruments are handled by Clerk/Stripe rather than stored directly in this API surface."},{"category":"Support Evidence","status":"live","retention":"Support packets should include request_id, endpoint, UTC timestamp, key prefix only, and sanitized payload shape.","handling":"Never send raw API keys, bearer tokens, payment details, or complete private payloads in email or chat."},{"category":"Raw Secrets","status":"live","retention":"Raw API keys and provider secrets must not be logged, committed, or returned by public routes.","handling":"Rotate any exposed secret immediately and replace it with a managed environment variable."}],"subprocessors":[{"name":"Vercel","purpose":"Next.js hosting, edge routing, logs, and deployment rollback.","dataScope":"Request metadata, route execution, environment variable names, and runtime logs.","status":"live"},{"name":"Convex","purpose":"API key validation, usage ledger, entitlement state, and billing/event records.","dataScope":"Organization ids, key hashes/prefixes, usage events, billing state, and support metadata.","status":"beta"},{"name":"Clerk","purpose":"Customer console authentication, organizations, billing state, and checkout integration.","dataScope":"Authenticated user/org profile metadata, plan state, and billing webhook events.","status":"beta"},{"name":"Stripe","purpose":"Payment processing through Clerk Billing and Stripe-connected checkout.","dataScope":"Payment and subscription data handled by the billing provider, not by raw API route storage.","status":"beta"},{"name":"OpenAI Or RunPod","purpose":"Model-backed generation for AI Intelligence routes when enabled by production config.","dataScope":"Sanitized prompts, schema instructions, and route-specific context required to produce the requested output.","status":"beta"},{"name":"Render","purpose":"Kerykeion sidecar hosting for deterministic astrology calculation.","dataScope":"Birth data and calculation inputs needed for chart, transit, synastry, compatibility, and lunar computations.","status":"beta"},{"name":"Upstash","purpose":"Distributed rate limit state and abuse protection.","dataScope":"Request counters, endpoint/key identifiers, and rate-limit windows.","status":"beta"},{"name":"Sentry","purpose":"Error monitoring, release visibility, and source-map assisted debugging.","dataScope":"Error events, stack traces, route context, release id, and redacted runtime diagnostics.","status":"beta"}],"securityTxt":{"contact":"mailto:partners@theleokingai.com","canonical":"https://theleokingai.com/.well-known/security.txt","policy":"https://theleokingai.com/api/v1/security","preferredLanguages":"en","expiresDays":180},"enterpriseNotes":{"signedTerms":"DPAs, custom retention, IP allowlists, long-range audit export packages, private model/data terms, and dedicated incident contacts require signed enterprise terms.","supportPacket":"Send request_id, endpoint, UTC timestamp, key prefix only, and sanitized payload shape. Never send raw keys or full secrets."},"links":{"docs":"/api-docs","trust":"/trust","securityTxt":"/.well-known/security.txt","accessControl":"/api/v1/access-control","observability":"/api/v1/observability","onboarding":"/api/v1/onboarding","support":"/api/v1/support","procurement":"/api/v1/procurement","conformance":"/api/v1/conformance","dataProcessing":"/api/v1/data-processing","compliance":"/api/v1/compliance","status":"/api/v1/status","sla":"/api/v1/sla","incidents":"/api/v1/incidents"}}