Security model: isolation first.

The summary, up front:

  • Isolation — every client workspace is separated by record-level rules at the database layer.
  • Access — role-based (manager, creator, publisher); credentials are admin-only.
  • Self-hosting — on Enterprise, the whole platform runs on your servers, so content stays within your own infrastructure.
  • Credentials — platform tokens are stored and expiry-tracked, surfaced before they lapse.

SYS.001

Data isolation

Every client lives in an isolated workspace; record-level rules enforce data separation at the database level. This is not a UI filter that a misconfigured view could bypass — access is evaluated where the data lives. A user scoped to one workspace cannot read another's content, accounts, or credentials.
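The difference between a UI filter and enforcement at the data layer, as an added example that is not the platform's own code or schema. The page does not name its database engine; this sketch assumes PostgreSQL row-level security, and the role, table and setting names (`app_user`, `posts`, `app.workspace_id`) are hypothetical.

```sql
-- Added illustration. Assumed engine: PostgreSQL. The role, table and
-- setting names (app_user, posts, app.workspace_id) are hypothetical.

CREATE ROLE app_user NOLOGIN;          -- unprivileged role the application runs as

CREATE TABLE posts (
    id           integer PRIMARY KEY,
    workspace_id uuid    NOT NULL,
    body         text    NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON posts TO app_user;

-- Constructed sample rows for two workspaces, loaded before the policy is on.
INSERT INTO posts VALUES
    (1, '11111111-1111-1111-1111-111111111111', 'draft for client A'),
    (2, '22222222-2222-2222-2222-222222222222', 'draft for client B');

-- Enforce row filtering in the database; FORCE applies it to the table owner too.
ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
ALTER TABLE posts FORCE  ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted; WITH CHECK rejects
-- rows written into another workspace. If app.workspace_id is unset,
-- current_setting() raises an error, so the query fails closed.
CREATE POLICY workspace_isolation ON posts
    USING      (workspace_id = current_setting('app.workspace_id')::uuid)
    WITH CHECK (workspace_id = current_setting('app.workspace_id')::uuid);

-- Per request, the application (never the end user) sets the workspace
-- taken from the authenticated session, then runs ordinary queries.
SET ROLE app_user;
SET app.workspace_id = '11111111-1111-1111-1111-111111111111';

-- No WHERE clause on workspace_id: the policy, not the query author,
-- restricts the result to the session's workspace.
SELECT id, body FROM posts;

-- Asking for the other workspace's row by primary key is filtered the same way.
SELECT id, body FROM posts WHERE id = 2;

-- An INSERT or UPDATE that carries another workspace_id is rejected by WITH CHECK.

RESET ROLE;
```

Superusers and roles with `BYPASSRLS` are not subject to policies, so this only holds when the application connects as an unprivileged role such as the one above.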

SYS.002

Access control

Roles decide who can draft, approve, and publish. API keys and platform tokens are visible to admins only — creators and publishers work with content and never touch the underlying secrets. See Multi-Client.

SYS.003

The AI data path

The AI engine sees only the sources you connect and the brand styles you define — never another workspace's data. On a self-hosted Enterprise deployment, that content stays within your own infrastructure rather than transiting a shared cloud.

Self-hosted on Enterprise: your content stays within your own infrastructure.

SYS.004

Self-hosted deployment

On Enterprise, deploy the entire platform from a provided Docker Compose stack on your own servers, with nginx and SSL scripts included. Your data, your network, your control. See Enterprise.

SYS.005

Platform credentials

Connected-account tokens are stored per workspace and their expiry is tracked, so a lapse is flagged before a post fails rather than after.

SYS.006

Responsible disclosure

Found something? We publish a security.txt (RFC 9116) with the contact path for reporting vulnerabilities. We respond to good-faith reports.

We list only controls we actually ship. We do not claim certifications we do not hold.

Questions, answered

Can one client's team see another's data?

No. Record-level rules enforce isolation at the database layer, so a user in one workspace cannot reach another's content, accounts, or credentials.

Where does our content go when the AI processes it?

The engine sees only the sources and styles you provide, isolated from other workspaces. On a self-hosted Enterprise deployment, that content stays within your own infrastructure.

Who can see API keys and platform tokens?

Admins only. Other roles work with content and never see the secrets.

Do you hold SOC 2 or similar certifications?

We publish only the controls we actually operate and do not claim certifications we don't hold. For specific procurement requirements, contact us.
