Security & privacy
How your data is isolated, how credentials are protected, and who can see what.
The platform handles your marketing and sales data, so it's built to keep that data isolated, your credentials protected, and access tightly controlled.
Account isolation
Each account's data, Brain and reports are isolated. Nothing crosses between accounts.
Every client you manage is fully separated - one client can never see another's data, and clients never see your agency portal. Isolation is enforced at the data layer, not just the interface.
Credentials
- Connections use secure, scoped authorisation (OAuth where possible) rather than sharing passwords.
- Stored secrets - API keys, your AI key, telephony keys - are encrypted and write-only: entered but never shown back.
- Access tokens refresh automatically and quietly behind the scenes.
Who can see what
- Access is invite-only; there's no public self-registration into an existing account.
- Roles control who can change billing and sensitive settings. See Logging in & access.
Everything the Brain learns stays inside your workspace, visible only to people you've invited.
The Brain separates client-visible knowledge from internal notes; clients only ever see what's marked visible to them.
The Web Concierge
The website chatbot is deliberately constrained - it answers only from knowledge your team has explicitly approved, never your raw internal data, and it's protected against abuse with origin checks, rate limits and spend safeguards. See Web Concierge.
Money & usage
Internal cost and token figures are never exposed on the client-facing side - clients see plans and access, not spend.
Your usage is shown as plain counts against your allowances, never as raw cost figures. See Usage & limits.