tempo

Security at Tempo

Last updated: July 9, 2026 · Kinetic Studio Inc.

Tempo handles sensitive work data, so we design access around user-scoped records, server-side credentials, narrow provider scopes, revocable connections, and explicit approval before source mutations. This page describes the current posture and how to report a concern.

Report a vulnerability

Email security reports to help@kineticapps.io with the subject Tempo security report.

Please include, when available:

Do not include OAuth tokens, API keys, passwords, private messages, or another person’s data in the first report. We will coordinate a safer transfer method if evidence containing sensitive data is necessary.

Responsible testing

Please test only accounts and data you own or are expressly authorized to use. Do not disrupt the service, degrade availability, use social engineering, send unsolicited messages, access another user’s data, retain data you encounter, or use automated scanning that creates unreasonable traffic. Stop and report the issue if you gain unintended access.

Tempo does not currently operate a public bug-bounty program or promise payment for reports. We welcome good-faith reports and will work to investigate and remediate validated issues.

Current safeguards

Authentication and data boundaries

Provider access and mutations

Data controls

Service providers

Tempo relies on managed infrastructure and processors, including Vercel, Convex, OpenRouter and its configured downstream inference providers, Voyage AI, Expo and Apple for generic mobile push delivery, GitHub for controlled issue operations, and Twilio for phone-code delivery. We review and minimize these disclosures and update the product’s public data-use disclosures as integrations change.

Security contact record

Automated tools can read Tempo’s security.txt. General support and privacy questions can use the same monitored address: help@kineticapps.io.

Scope of this page

Security is an ongoing process, and no service can guarantee perfect protection. This page describes current practices rather than a certification, audit report, service-level agreement, or warranty. We will update it when material controls or reporting instructions change.