Security at Tempo
Last updated: July 9, 2026 · Kinetic Studio Inc.
Tempo handles sensitive work data, so we design access around user-scoped records, server-side credentials, narrow provider scopes, revocable connections, and explicit approval before source mutations. This page describes the current posture and how to report a concern.
Report a vulnerability
Email security reports to help@kineticapps.io with the subject Tempo security report.
Please include, when available:
- the affected URL, feature, or account flow;
- clear reproduction steps and the observed impact;
- the date and time of testing;
- screenshots or logs with secrets and personal data removed; and
- a safe way to contact you for follow-up.
Do not include OAuth tokens, API keys, passwords, private messages, or another person’s data in the first report. We will coordinate a safer transfer method if evidence containing sensitive data is necessary.
Responsible testing
Please test only accounts and data you own or are expressly authorized to use. Do not disrupt the service, degrade availability, use social engineering, send unsolicited messages, access another user’s data, retain data you encounter, or use automated scanning that creates unreasonable traffic. Stop and report the issue if you gain unintended access.
Tempo does not currently operate a public bug-bounty program or promise payment for reports. We welcome good-faith reports and will work to investigate and remediate validated issues.
Current safeguards
Authentication and data boundaries
- Tempo uses Convex Auth for Google, Apple, and phone sign-in. Application data is keyed to the authenticated Tempo user.
- OAuth tokens, API keys, and model-provider credentials are stored and used server-side rather than exposed to the browser.
- Tempo uses HTTPS for application and provider traffic. The production site also sends HTTP Strict Transport Security headers.
Provider access and mutations
-
Google access is limited to basic sign-in, Gmail
gmail.modify, Calendar events, and read-only calendar-list access. Tempo does not currently request Contacts, Drive, Docs, Tasks, or directory scopes for this flow. - Sending replies, archiving Gmail, and submitting Calendar RSVPs are user-gated. Scheduled briefing email runs only after the user enables a schedule.
- Source credentials and external-agent tokens can be revoked. The external-agent interface cannot send, archive, edit source data, or delete Tempo data.
Data controls
- Source disconnect stops future access and revokes or removes the stored connection credential.
- Reset Tempo data removes live per-user application records while preserving the login identity and authentication records.
- Account → Data controls → Delete account revokes connected Google and Apple access, ends sessions immediately, and starts a server-owned, resumable purge of the remaining account data. See the Privacy Policy for the exact distinction from Reset Tempo data.
Service providers
Tempo relies on managed infrastructure and processors, including Vercel, Convex, OpenRouter and its configured downstream inference providers, Voyage AI, Expo and Apple for generic mobile push delivery, GitHub for controlled issue operations, and Twilio for phone-code delivery. We review and minimize these disclosures and update the product’s public data-use disclosures as integrations change.
Security contact record
Automated tools can read Tempo’s security.txt. General support and privacy questions can use the same monitored address: help@kineticapps.io.
Scope of this page
Security is an ongoing process, and no service can guarantee perfect protection. This page describes current practices rather than a certification, audit report, service-level agreement, or warranty. We will update it when material controls or reporting instructions change.