Security

BrainStack Studio enforces security through strict boundaries, scoped access, and auditable operations. Customer-facing surfaces are intentionally minimized to reduce exposure while preserving verifiable operational evidence.

Boundary Enforcement

  • No internal agent names or orchestration logic exposed.
  • No database schemas, infrastructure maps, or service topology shown.
  • Guardrails and scoped data access help prevent data leakage.

Secure Operations

Production deployments run behind authenticated capability facades with rate limiting and audit trails.

Encryption & Transport

  • Browser, API, and billing traffic use TLS in transit.
  • Application data stored in managed infrastructure is encrypted at rest by the underlying providers.
  • Operational logs are scoped and retained only for support, abuse prevention, and audit evidence.

Data Isolation

  • Authenticated dashboard data is user-scoped with row-level access controls.
  • Billing and operational telemetry paths are separated from public tool execution paths.
  • Internal error and rate-limit systems are restricted to service-role access only.

Model Training Policy

  • Workspace and customer inputs are used to execute the requested workflow, not to train public models.
  • AI enhancement is limited to authenticated Pro workflows so paid model usage stays scoped and auditable.
  • Third-party model providers only receive the minimum content needed to return the requested output.

Responsible Disclosure

If you discover a security issue, email security@brainstackstudio.com with reproduction steps and impact. The initial triage target is within 1 business day, followed by coordinated remediation updates.