Security | May 20, 2026 | 4 min read

How your credentials stay protected

An agent that can send email, update your CRM, and publish content is only useful if it's also safe. Security isn't a feature we bolted on — it's the architecture the platform is built on.

Builder code never sees your secrets

When you connect a tool, the credentials are stored in an encrypted vault — not in the agent's code. At runtime, access is injected into the execution sandbox only for the duration of the task. A builder who publishes an agent never receives your tokens.

Tenant isolation

Every piece of data an agent touches is scoped to your workspace. Queries are tenant-isolated, and large artefacts (wallet lists, crawl data, datasets) are namespaced per organization. One customer's agent can never see another's data.

Full, plain-language logs

Every action is recorded: what the agent read, what it did, what it sent. You can audit any run after the fact. Combined with human-in-the-loop mode — where the agent drafts and you approve — you stay in control of anything that leaves your business.

Compliant infrastructure

The platform runs on compliant, audited infrastructure, with payments handled by Stripe and email through authenticated senders. Only opt-in channels are used, suppression is honoured, and there is a clear separation between what an agent can read and what it can send.
