Security

1. Security principles

Gonka24's security approach is based on the following principles:

• protect user data and customer content;
• reduce unnecessary data collection;
• apply access controls and least-privilege principles;
• secure API access and account credentials;
• monitor systems for abuse, failures, and suspicious activity;
• use trusted infrastructure and service providers;
• respond to vulnerabilities and incidents responsibly;
• continuously improve security as the service evolves.

No online service can be completely risk-free, but Gonka24 works to maintain strong technical and organizational safeguards.

2. Data protection

Gonka24 uses reasonable technical and organizational measures to protect data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include:

• encryption in transit;
• secured communication channels;
• access controls;
• authentication mechanisms;
• role-based permissions;
• logging and monitoring;
• infrastructure hardening;
• backup and recovery processes;
• separation of environments where appropriate;
• internal access restrictions;
• security reviews for sensitive changes;
• incident response procedures.

3. Encryption

Gonka24 uses encryption in transit where appropriate to protect data transmitted between users, browsers, APIs, infrastructure components, and service providers.

Where technically and operationally appropriate, Gonka24 may also use encryption, hashing, tokenization, or other protective methods for sensitive data at rest.

Users are responsible for protecting their own devices, browsers, local environments, private keys, credentials, API keys, tokens, wallets, and integrations.

4. Account security

To help protect accounts, Gonka24 may use:

• password-based authentication;
• secure session management;
• token-based access;
• API key management;
• access restrictions;
• audit logs;
• suspicious activity detection;
• account recovery controls;
• administrative permission controls.

Users are responsible for:

• using strong and unique passwords;
• keeping credentials confidential;
• protecting API keys and tokens;
• limiting access to authorized team members only;
• removing access for former employees, contractors, vendors, or partners;
• monitoring account usage;
• notifying Gonka24 immediately if compromise is suspected.

5. API key and token security

API keys, tokens, credentials, wallet credentials, and access secrets must be treated as confidential.

Users should not:

• expose API keys in public repositories;
• share credentials in chat, email, screenshots, or public documentation;
• embed secrets in frontend code;
• transmit secrets over insecure channels;
• use the same credentials across unrelated environments;
• give production keys to unauthorized users or third parties;
• store private keys or seed phrases in unsafe environments.

If an API key, token, or credential may have been exposed, users should rotate or revoke it as soon as possible and contact Gonka24 if assistance is needed.

Gonka24 may suspend or restrict keys, tokens, or accounts if we detect abuse, leakage, compromise, suspicious activity, or security risk.

6. Infrastructure security

Gonka24 may rely on cloud infrastructure, hosting providers, model providers, gateway providers, database providers, monitoring tools, security tools, and other technical service providers.

Infrastructure security measures may include:

• controlled access to production systems;
• network-level protections;
• monitoring of infrastructure health;
• logging of relevant security events;
• environment configuration reviews;
• secure deployment processes;
• backup and recovery procedures;
• incident response workflows;
• service availability monitoring.

Gonka24 selects service providers based on operational, technical, commercial, and security considerations.

7. Access control

Gonka24 applies access control principles to reduce unnecessary exposure of systems and data.

Internal access to production systems, customer data, logs, credentials, or administrative tools is limited to authorized personnel or service providers who need access for legitimate operational, support, security, or compliance purposes.

Access may be reviewed, restricted, logged, revoked, or changed when necessary.

8. Monitoring and logging

Gonka24 may monitor platform, API, gateway, and infrastructure activity to:

• maintain service reliability;
• detect abuse;
• investigate incidents;
• troubleshoot technical issues;
• prevent fraud;
• enforce rate limits;
• identify security threats;
• protect users and infrastructure.

Logs may include technical metadata such as timestamps, IP addresses, API request metadata, response metadata, error messages, usage metrics, route information, model/provider identifiers, latency, and security events.

Gonka24 does not intentionally collect more data than reasonably necessary for security, operations, compliance, billing, troubleshooting, and service improvement.

9. Incident response

If Gonka24 becomes aware of a security incident, we will take appropriate steps based on the nature and severity of the incident.

These steps may include:

• investigating the issue;
• limiting or blocking unauthorized activity;
• rotating credentials where appropriate;
• patching affected systems;
• restoring service availability;
• notifying affected users where required;
• notifying authorities where required by law;
• improving controls to reduce the risk of recurrence.

Users should report suspected security incidents, unauthorized access, leaked credentials, suspicious API activity, or platform abuse through the official contact or support channels available on gonka24.com.

10. Vulnerability reporting

Gonka24 welcomes responsible reports of potential security vulnerabilities.

When reporting a vulnerability, please include:

• a clear description of the issue;
• affected URL, endpoint, API, feature, or component;
• steps to reproduce;
• potential impact;
• screenshots, logs, or proof-of-concept details where safe and appropriate;
• your contact information for follow-up.

Do not:

• access, modify, delete, copy, or exfiltrate data that does not belong to you;
• disrupt or degrade Gonka24 services;
• perform denial-of-service attacks;
• run automated scanning that may affect service availability;
• attempt social engineering;
• publicly disclose the vulnerability before Gonka24 has had a reasonable opportunity to investigate and remediate it.

Gonka24 will review vulnerability reports and take reasonable steps to address valid security issues.

11. Customer responsibilities

Security is shared between Gonka24 and its users.

Customers and users are responsible for:

• securing their own accounts;
• securing API keys, tokens, wallets, and credentials;
• configuring integrations safely;
• managing team access;
• applying least-privilege access within their organization;
• monitoring usage and billing;
• validating outputs before using them;
• ensuring that submitted data is appropriate for the selected service configuration;
• complying with applicable laws and internal security policies;
• protecting local devices, networks, browsers, applications, and infrastructure.

Gonka24 is not responsible for security incidents caused by customer-side misconfiguration, exposed keys, compromised devices, weak passwords, unsafe integrations, unauthorized internal access, or misuse of the service.

12. AI and API security considerations

When using Gonka24 for AI, API, gateway, model, or inference-related workflows, users should follow security best practices.

Users should:

• avoid submitting secrets, private keys, passwords, seed phrases, or highly sensitive credentials in prompts or API requests;
• avoid submitting regulated or confidential data unless the configuration is suitable for that data;
• review model outputs before using them in production;
• use separate keys for development, testing, and production;
• rotate keys periodically;
• apply rate limits and usage monitoring on their own systems;
• validate outputs before executing code, transactions, business decisions, or automated actions;
• implement human review for high-risk use cases;
• monitor abnormal usage patterns;
• avoid giving AI systems unnecessary access to sensitive tools, data, or production systems.

AI outputs can be inaccurate, unsafe, incomplete, or manipulated through prompt injection or other adversarial techniques. Users are responsible for designing safe downstream workflows.

13. Third-party providers and networks

Gonka24 may interact with third-party providers, model providers, compute providers, gateway providers, blockchain or decentralized networks, payment providers, infrastructure providers, and other external services.

Security, availability, pricing, performance, and reliability of third-party services may depend on those third parties.

Gonka24 works to use reasonable safeguards, but cannot fully control third-party infrastructure, third-party security practices, decentralized network behavior, external model outputs, or external provider availability.

Users should review whether each provider, model, route, and configuration is appropriate for their intended use case.

14. Backups and recovery

Gonka24 may use backup and recovery procedures to support service continuity, incident recovery, and operational resilience.

Backup scope, retention, and restoration capabilities may vary depending on the type of data, service component, provider, and technical configuration.

Backups are not a substitute for customer-side backups. Users are responsible for maintaining their own copies of important data, configuration, outputs, logs, credentials, and business records.

15. Service availability

Gonka24 works to maintain reliable service availability, but no system can guarantee uninterrupted operation.

Service may be affected by:

• maintenance;
• updates;
• provider outages;
• model provider limitations;
• cloud infrastructure issues;
• network failures;
• security incidents;
• excessive demand;
• rate limits;
• blockchain or decentralized network conditions;
• legal or regulatory restrictions;
• force majeure events.

Gonka24 may temporarily restrict, throttle, suspend, or disable access where necessary to protect the service, users, providers, infrastructure, or public safety.

16. Data minimization

Gonka24 aims to collect and process only data that is reasonably necessary for:

• providing the service;
• routing and processing API requests;
• managing accounts;
• calculating usage and billing;
• securing the platform;
• detecting abuse;
• troubleshooting technical issues;
• complying with legal obligations;
• improving reliability and performance.

Users should also minimize the data they submit to Gonka24 and avoid submitting unnecessary personal, confidential, regulated, or sensitive information.

17. Secure development

Gonka24 aims to follow secure development practices where appropriate, which may include:

• reviewing sensitive changes;
• limiting access to production environments;
• separating development and production environments where appropriate;
• monitoring dependencies;
• applying patches and updates;
• testing critical features;
• investigating security reports;
• improving controls over time.

Security is an ongoing process, and Gonka24 may update its practices as the platform, technology, threat landscape, and legal requirements evolve.

18. Limitations

This Security page describes Gonka24's general security approach. It does not create a warranty, guarantee, service-level agreement, or contractual commitment unless expressly agreed in writing.

Gonka24 cannot guarantee that:

• the service will be completely secure;
• unauthorized access will never occur;
• third-party providers will always remain secure;
• AI outputs will always be safe or accurate;
• all vulnerabilities will be detected immediately;
• all incidents can be prevented;
• all data transmission or storage will be risk-free.

19. Contact

To report a security issue, suspected vulnerability, leaked credential, unauthorized access, platform abuse, or suspicious activity, contact Gonka24 through the official email: gonka24support@gmail.com