Security

Trust, data safety & control

What is implemented on this website today, and what is configured per client project for deployed agents.

Website security (implemented)

Controls active on this marketing site and lead forms.

Server-side validation

Zod schemas validate all lead and registration payloads.

Consent required

Forms require explicit consent with links to legal pages.

Rate limiting

In-memory per-IP limits reduce form abuse.

Honeypot field

Hidden field filters basic bot submissions.

Request IDs

API responses include IDs for support tracking.

Secrets server-side

Database and auth secrets stay in server environment variables.

Agent deployment controls (per project)

Configured individually when your agent is built — not automatic for every integration.

Limited permissions

Agents receive only the API scopes you approve.

Action confirmation

Critical operations can require human approval.

Data separation

Customer data should be isolated per project/account.

Retention settings

Conversation history retention period can be configured.

Human handoff

Dialogs can be transferred to staff with full context.

Integration access

Depends on tokens and permissions you grant.

Safe logging

Logs must not expose API secrets or full payment data.

Future AI deployments add provider-specific controls. Exact settings depend on your contract and architecture.

Your data on this website

Lead submissions are stored in PostgreSQL after validation. Registration uses hashed passwords. We do not sell personal data. Legal entity details and retention period are marked as placeholders until the owner provides final text.

Request a consultation

Tell us about your business — we will respond with next steps.