Credentials, sealed
API credentials live apart from source content, encrypted at rest, and are never returned in plaintext — not to the UI, not to a model.
Encrypted credentials, redaction before every model call, and strict tenant isolation on every workspace-owned record and query.
To answer well, a support platform needs your keys, your context, and your customers' conversations. That concentration of sensitive data is exactly why the wrong architecture is dangerous: a leaked credential, a cross-tenant query, or a secret echoed into a model prompt turns your support tool into your biggest exposure.
API credentials live apart from source content, encrypted at rest, and are never returned in plaintext — not to the UI, not to a model.
Secrets are stripped before any model call. The agent can act on a credential without the credential ever entering a prompt.
Every workspace-owned record and query preserves tenant boundaries, enforced down to the database with row-level security.
The most sensitive material — keys, conversations, context — is handled so it can't leak. These aren't marketing promises; they're the architecture.
API credentials are stored separately from the docs, schemas, and conversations they relate to. They're encrypted at rest and redacted before they reach a model, so an ingested doc or a customer message can never surface a key. The agent uses credentials it is never shown.
Tenant isolation isn't an afterthought — it's enforced on every workspace-owned record and query, with row-level security and parent/child relationships checked at the database. One tenant's context, conversations, and credentials are never reachable from another.
Public widget access uses a workspace public key plus route-level controls. It lets visitors chat and read what you've published — it does not grant general table access. Operator-only diagnostics stay operator-only, and customer-private data stays private.
Credentials are encrypted at rest and kept apart from the content they relate to.
Any secret is stripped before a prompt is ever built, so it can't leak through the agent.
Row-level security scopes each read and write to the owning workspace.
Separately from source content, encrypted at rest. They're redacted before any model call and never returned in plaintext to the UI or the agent.
No. Tenant isolation is enforced on every workspace-owned record and query, including row-level security and verified parent/child relationships at the database.
No. The widget uses a workspace public key with route-level controls that permit chat and published content only. It never grants general table access.
Secrets are redacted before prompts are built, and ingested content plus user input are treated as untrusted, so credentials don't enter model calls in the first place.
Keep credentials sealed, secrets out of prompts, and every workspace strictly isolated.