Skip to main content
Customers evaluating Bulkgrid for production will expect answers about secrets, data boundaries, and operational hygiene.

Authentication security

  • API keys are sent using the x-api-key header
  • keep keys on the server side
  • rotate keys through your own secret-management workflow when needed
  • never expose Bulkgrid credentials from browser code

Customer-side responsibilities

Customers should:
  • scope Bulkgrid usage through backend services
  • log access and job history in their own systems
  • avoid sending secrets through headers or content unless explicitly required and approved
  • review which sources are being ingested and why

Data handling expectations

The current docs should avoid making claims the platform has not formally documented yet. For now, customers should assume that data handling and retention details must be clarified explicitly before production rollout for sensitive use cases.

This page should eventually include

  • retention policy for results and result content
  • storage and deletion expectations
  • support for sensitive or regulated data boundaries
  • customer-visible security controls and contact path