Builder code never sees your secrets
When you connect a tool, the credentials are stored in an encrypted vault — not in the agent's code. At runtime, access is injected into the execution sandbox only for the duration of the task. A builder who publishes an agent never receives your tokens.
Tenant isolation
Every piece of data an agent touches is scoped to your workspace. Queries are tenant-isolated, and large artefacts (wallet lists, crawl data, datasets) are namespaced per organization. One customer's agent can never see another's data.
Full, plain-language logs
Every action is recorded: what the agent read, what it did, what it sent. You can audit any run after the fact. Combined with human-in-the-loop mode — where the agent drafts and you approve — you stay in control of anything that leaves your business.
Compliant infrastructure
The platform runs on compliant, audited infrastructure, with payments handled by Stripe and email through authenticated senders. Opt-in channels only, suppression honoured, and clear separation between what an agent can read and what it can send.