Security
Security overview
XData is an authenticated remote MCP service. This page summarizes the controls that matter for users, evaluators, and connector directories.
Authentication
The MCP endpoint supports OAuth for interactive connectors and bearer API keys for headless clients. Browser catalogue access uses signed sessions after OAuth sign-in.
Data boundaries
XData stores searchable text and metadata, not long-term source audio. Temporary audio files are removed after transcription. Public-source ingestion is separated from authenticated user identity except for usage and demand tracking.
Blocked source acquisition
Sources that block datacenter IPs can be routed to a local-fetch agent. Cloud endpoints for this workflow are guarded by a shared token, and the service returns not found when that token is not configured.
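The fail-closed guard described above, sketched as an added example; this is not XData's own code. The function name, the `Authorization: Bearer` header form, and the 401 response for a missing or wrong token are assumptions, and only the not-found response for an unconfigured token comes from this page.

```python
import hmac
from typing import Optional, Tuple


def check_local_fetch_token(configured: Optional[str],
                            authorization: Optional[str]) -> Tuple[int, str]:
    """Return (HTTP status, reason) for a request to a token-guarded endpoint.

    configured    -- the shared token from server configuration, or None/empty
    authorization -- raw Authorization header value from the request, or None
    """
    expected = (configured or "").strip()

    # Fail closed: with no token configured, the endpoint answers as if it
    # did not exist, so a deployment that forgot the secret exposes nothing.
    if not expected:
        return 404, "not found"

    # Assumed header form: "Bearer <token>".
    scheme, _, presented = (authorization or "").partition(" ")
    presented = presented.strip()
    if scheme.lower() != "bearer" or not presented:
        return 401, "missing token"

    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return 401, "invalid token"

    return 200, "ok"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cases = [
        (None, "Bearer anything"),
        ("constructed-shared-token", None),
        ("constructed-shared-token", "Bearer wrong-token"),
        ("constructed-shared-token", "Bearer constructed-shared-token"),
    ]
    for configured, header in cases:
        print(repr(configured), repr(header), "->",
              check_local_fetch_token(configured, header))
```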
Operational controls
- Production uses managed Postgres with pgvector and Render Key Value for queue handoff.
- Administrative database access is IP-restricted.
- API keys are stored hashed and can be deactivated.
- Ingestion jobs have explicit status tracking for queued, working, completed, failed, and local-fetch states.
Reporting
Report suspected vulnerabilities, exposed credentials, or abusive ingestion behavior through the XData support page and this public security policy.