Security
Trust is the product. We design for least privilege, explicit delivery semantics, and operational clarity—so your team can adopt AI without hiding risk in a black box.
Authentication
Human users authenticate through standard identity flows appropriate for your deployment. Agent clients use scoped credentials so automation cannot impersonate end users.
Data handling
Approval payloads are treated as operational data: encrypted in transit, access-controlled by workspace membership, and subject to retention policies you configure within product limits.
Availability & delivery
Callback delivery uses retries with backoff; polling remains available when your runtime prefers pull semantics. Failed delivery surfaces as explicit state—not silent success.
For integration details and threat considerations, see our documentation.