Security

Security controls for live deal workflows

DocKosha is designed for firms handling sensitive client documents in active deal rooms. We combine core security controls with practical sharing policies like watermarking, gating, download restrictions, and auditability.

Security controls at a glance

This page is a plain-English overview for advisory firms and client security reviewers. If you need specifics for a questionnaire, contact us.

Baseline

Encryption in transit & at rest

Transport security via TLS and AES-256 at-rest encryption for data stored on our managed infrastructure (Supabase-managed).

Access

Authentication

Passwordless magic links and Google OAuth via Supabase Auth. Session handling is server-assisted for safer public room and document access flows.

RBAC

Role-based access control

Workspace roles (owner/editor/viewer) and workspace-scoped access patterns help prevent accidental over-sharing.

Database

Row Level Security (RLS)

Database policies enforce workspace scoping and role-aware permissions, so users only see what they’re allowed to access.

Links

Secure sharing controls

Granular link controls like access gating, allowlists and blocklists, expirations, NDA templates, presets, and download restrictions help firms share deal material with less risk.

Audit

Internal audit logs

Internal audit logs help workspace owners understand team activity across documents and data rooms.

Deterrence

Dynamic watermarking

Watermarks add accountability during viewing and downloads, reducing the risk of casual leaks or forwarding during active diligence.

Privacy

Privacy-first analytics

Engagement signals help advisory teams understand what was viewed without defaulting to unnecessary personal data collection.

Ops

Operational monitoring

Production monitoring via Sentry helps detect errors and performance regressions quickly without exposing secrets to the client.

How DocKosha approaches security for advisory teams

We treat secure deal sharing as a product capability, not a marketing checkbox. Encryption matters, but preventing leaks in practice usually comes down to whether policy is enforced at the room, link, folder, and document level.

Policy controls for live sharing

DocKosha focuses on controls that still matter after a room goes live:

  • Link-level permissions for view and download behavior
  • Gating like verification, allowlists or blocklists, and NDA terms
  • Expiration and revocable access patterns
  • Watermarking for accountability and deterrence

Privacy-first analytics for follow-up

Advisory teams often need to know what was opened, revisited, or downloaded. Viewer analytics are designed to surface those signals while minimizing sensitive data collection.

  • We avoid storing raw IP addresses
  • Identity is collected only when link settings require it
  • Events focus on viewing, downloads, and time spent

What this means for sell-side and buy-side work

In plain English: DocKosha helps firms control who can open sensitive materials, what they can do after opening them, and what activity the internal team can review later.

  • Use gated access for CIMs, contracts, and financials
  • Apply watermarking when documents move outside the firm
  • Review audit logs and analytics to support internal follow-up

Reporting a vulnerability

If you believe you’ve found a security issue, email us with steps to reproduce and any relevant logs or screenshots.

Email support

Please avoid sharing sensitive customer data in the initial report.