About

Built for clarity.

Kunbord is an independent project. This page explains how the app works, what data is stored, and how it is protected.

01

What is Kunbord?

Kunbord is a minimalist kanban board built to stay simple. It is cloud-synced over HTTPS, encrypts sensitive content at the API before it reaches the database, and is designed to stay out of your way.

This page grows with the product. When something changes, it should be documented here in plain language.

02

Data encryption

All traffic between your browser and Kunbord uses HTTPS (TLS), so data in transit is encrypted on the wire. At the API, sensitive fields are encrypted with AES-256-GCM before they are written to the database. Each workspace uses its own derived key, so the database holds only ciphertext — a breach exposes no readable content.

Workspace names

active

Workspace names are encrypted at the API before storage. The database stores ciphertext only; the API decrypts on read and returns plaintext over HTTPS.

Board titles

active

Board titles are encrypted at the API before being stored. The database only ever holds ciphertext.

Item titles

active

Every item title is encrypted server-side before being persisted. The API decrypts on read and returns plaintext over HTTPS.

Item descriptions

active

Item descriptions are encrypted at the API before storage. All data in transit is protected by HTTPS/TLS.

Custom categories

active

Custom category labels are encrypted at the API using the same model as other content — ciphertext in the database, decrypted only when served to your session over HTTPS.

03

Infrastructure

Kunbord runs on Railway with a Neon PostgreSQL database. Privacy-friendly analytics use self-hosted Umami on Railway under our control — not third-party analytics or advertising platforms. Application errors are recorded with Sentry for engineering diagnostics and stability.

PostgreSQL — Neon

active

The database is a Neon-hosted PostgreSQL service. Neon provides managed Postgres with encryption at rest, automated backups, and secure connectivity over TLS. Isolation and access controls are enforced within Neon and Railway.

API server

active

The backend API is an ASP.NET Core application deployed on Railway. All traffic is served over HTTPS (TLS 1.2+). Plaintext HTTP connections are rejected. Sentry captures application errors and crashes for technical diagnostics — not for advertising or behavioural profiling.

04

Authentication

Authentication is handled by Clerk, a dedicated identity provider. Passwords and credentials are never stored by Kunbord directly — all session management, MFA, and security auditing are delegated to Clerk's infrastructure.

Kunbord's own database holds only your encrypted content and a Clerk user ID. A database breach would expose no passwords and no plaintext content.

05

Contact

Contact details are available on the contact page.