Resources / Security
Security at Operalta
Company-scoped access controls, publication-safe sharing boundaries, scoped API credentials, and auditability across sensitive actions. Security is designed into the platform, not bolted on afterwards.
Access
Company boundaries
Company-scoped access, controlled sharing, and publication boundaries stay explicit.
Privacy
AI posture
Product data is not used to train third-party models and processor terms stay explicit.
Controls
Auditability
Sensitive flows keep logs, validation, and safer operational defaults.
What matters
The essential trust review
Database and tenant controls
Company-scoped data is filtered at query time, reinforced by database policies, and separated from publication or shared-access boundaries.
Access control
Internal company-wide members, scoped collaborators, and external viewers do not share the same permissions. Critical actions use stricter checks than read-only surfaces.
Encryption and credential handling
HTTPS is enforced in production, storage layers are encrypted at rest, and shared access relies on scoped grants and rotatable credentials instead of broad static access.
Tenant isolation
Workspace memory, metrics, reports, and integrations stay isolated by company context. Cross-company access is blocked at resolver and resource layers.
AI and automation security
Agent and automation flows inherit the same access model as the app. Generated markdown is sanitized, critical webhooks validate signatures, and async jobs keep trace IDs for auditability.
Privacy and compliance posture
Data is not sold or used for third-party model training. GDPR and CCPA rights workflows are in place, and SOC 2 Type II work remains in progress.
Related pages
Go deeper only where needed
Security terms
Use the detailed legal and control language when a security review needs more than the overview.
Open termsPrivacy policy
Review retention, deletion, transfers, and privacy-right workflows in the dedicated policy page.
Open policyDeveloper docs
Use the technical layer when the next question is integration, API, or OAuth behavior.
Open docsNeed more than the overview?
Use this page when trust review starts and the product map is already clear
This page is the short trust layer for access, privacy, and operational posture. If you need formal detail, use Security Terms or contact security@operalta.com.