Everything you need to evaluate TucDesk for your organisation.
Identity, transport, session encryption, and audit signing are separated, so compromise in one layer does not expose plaintext or administrative control.
Transport and sessions
- •Every agent generates an ED25519 identity keypair at install — no shared passwords in the data path.
- •Session establishment uses X25519 ECDH key exchange; session keys are ephemeral and never persisted.
- •All session traffic is encrypted with AES-256-GCM, with keys derived via HKDF label tucdesk-session-v1.
- •Relay nodes forward ciphertext only — TucDesk infrastructure cannot read session content.
Identity and audit
- •Every action produces a signed, tamper-evident audit entry: actor, action, timestamp, and context.
- •Operator proofs are EdDSA-signed messages; API tokens are short-lived EdDSA-signed JWTs.
- •Master credentials are hashed, never stored plaintext.
- •Audit exports can feed SIEM and compliance workflows with the signature chain intact.
TucDesk Cloud stores data in the United States by default. Paid plans can select an EU region for data at rest. Self-hosted deployments keep everything in your own infrastructure.
| Data category | Cloud (US default / EU on paid plans) | Self-Hosted |
|---|---|---|
| Session recordings | Encrypted at rest in Cloudflare R2 | Encrypted in your MinIO/S3 |
| Audit logs | TucDesk Postgres in your selected region | Your Postgres |
| Agent metadata | TucDesk Postgres in your selected region | Your Postgres |
| Session traffic | E2E encrypted, relay has no access | E2E encrypted, relay has no access |
| Operator credentials | Hashed, never plaintext | Hashed, your Postgres |
| TucDesk visibility | Analytics, usage, billing | None at runtime |
Vulnerability reports and security incidents follow a documented response process with fixed time commitments.
- •Security reports are acknowledged within 24 hours of receipt at security@tucnow.com.
- •Triage and initial severity assessment are completed within 72 hours.
- •Confirmed vulnerabilities follow a 90-day coordinated CVE disclosure window.
- •Scope includes the agent, API, dashboard, rendezvous server, and TURN relay.
Report a vulnerability
Email security@tucnow.com with reproduction details. We acknowledge within 24 hours, triage within 72 hours, and coordinate disclosure over a 90-day window so fixes ship before details are public.
External validation is layered on top of automated security checks that run on every change.
- •An independent penetration test is planned for Q2 2026, with a public summary to follow.
- •gitleaks runs in CI on every commit to catch leaked secrets before they ship.
- •govulncheck runs in CI to flag known vulnerabilities in Go dependencies.
- •The TucLink protocol is open source and MIT-licensed — the transport logic is auditable by anyone.