Security
Protecting your revenue data is fundamental to everything we build. Here is how we keep your information safe.
Per-Org Data Isolation
Every organization runs on its own isolated Postgres schema. No shared tables, no co-mingled data. Your revenue data never crosses tenant boundaries.
Encryption At Rest and In Transit
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Credentials and API keys are stored encrypted and only decrypted at the moment of use.
Workspace-Scoped Access
Every API request is scoped to the authenticated user's workspace and role. All database queries enforce org and user ownership checks, preventing cross-tenant data access.
Full Audit Trail
Every AI action, agent execution, skill invocation, and data access is logged with timestamps. See exactly what happened, when, and why — with full replay capability.
Cryptographic OAuth Security
OAuth flows are bound to the initiating user via signed state tokens. Callbacks verify the cryptographic signature, preventing session fixation and cross-user authorization hijacking.
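The signed, user-bound state token described above can be sketched as follows. This is an added example, not RevLlama's code; the HMAC-SHA256 construction, the claim names (`uid`, `nonce`, `exp`) and the 10-minute lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime for one authorization attempt


def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_state(key, user_id, now=None):
    """Build the `state` value sent to the provider, bound to user_id."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "nonce": secrets.token_urlsafe(16),
              "exp": int(now) + STATE_TTL_SECONDS}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(tag)


def verify_state(key, state, session_user_id, now=None):
    """Accept the callback only if state is authentic, fresh and ours."""
    now = time.time() if now is None else now
    try:
        body, tag = state.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison; check the MAC before parsing the body.
        if not hmac.compare_digest(expected, b64d(tag)):
            return False
        claims = json.loads(b64d(body))
    except ValueError:  # wrong shape, bad base64 or bad JSON
        return False
    if not isinstance(claims, dict) or now >= claims.get("exp", 0):
        return False
    # Binding: the state must have been issued to the user whose session
    # is completing the callback; a state issued to someone else is refused.
    return hmac.compare_digest(str(claims.get("uid")).encode(),
                               session_user_id.encode())
```

The signature alone does not make a state single-use; rejecting a second callback with the same `nonce` needs server-side storage, which this sketch leaves out.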
Minimal Data Access
When connecting third-party services like Salesforce, Gong, or Slack, we only request the minimum scopes required to perform your configured automations. We never access more data than necessary.
AI Data Handling
Data obtained from third-party APIs is never used to train AI models. Claude receives pre-assembled context payloads and returns structured output — it never queries your data sources directly.
Staging & Deployment Pipeline
All agent, skill, and trigger changes go through a staging pipeline before reaching production. Version control, rollbacks, and promotion gates ensure nothing ships untested.
Role-Based Access Control
Granular permissions for every role — Admin, Builder, Viewer, Auditor. Control who can create agents, manage integrations, access billing, and configure governance settings.
Infrastructure Security
Hosted on SOC 2-compliant cloud infrastructure with private networking between services, automated security patching, and continuous monitoring. Powered by Vercel and Neon Postgres.
Human in the Loop
High-stakes AI actions require human approval before execution. The tiered autonomy model (Observe → Recommend → Execute) ensures AI earns trust through measurable accuracy before acting independently.
LLM Observability
Full visibility into every AI call — cost, latency, model usage, input/output pairs, and quality metrics. Track and audit AI behavior across your entire platform in real time.
Penetration Testing
RevLlama undergoes regular third-party penetration testing by independent security firms. Test results and remediation status are available upon request for customers undergoing vendor security review. Contact security@revllama.com for details.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly by emailing security@revllama.com. We take all reports seriously and will respond promptly.
Questions?
For any questions about our security practices, please contact us at security@revllama.com or review our Privacy Policy.