Fumi Fumi

Last updated Oct 27, 2025

Security

Understand how Fumi protects data across infrastructure, application, and access layers.

Platform safeguards

  • Transport encryption: All traffic terminates over TLS 1.3 on Cloudflare’s edge network.
  • Data at rest: Event payloads reside in Cloudflare D1 with per-table encryption keys.
  • Secrets management: Worker secrets use Cloudflare KV/Secrets; rotation is handled via the setup script.

Access controls

  • API keys are scoped per project and hashed before storage.
  • Dashboard authentication relies on signed JWTs delivered through HTTP-only cookies.
  • Support for SCIM and SSO is on the roadmap; until then, rotate tokens regularly and restrict workspace membership.

Operational practices

  • Continuous logging via wrangler tail feeds anomaly detection.
  • Incident response runbooks cover rollback, key rotation, and webhook replay.
  • Security updates are noted in the Changelog.

Reporting issues

Email security@fumi.dev with vulnerability reports. Include reproduction steps, affected components, and impact. Responses are usually within one business day.