Security and confidentiality

Built for store data founders do not hand out lightly.

Ops Room connects to systems that make money: commerce, inventory, support, ads, analytics, payments, email, files, and operating conversations. The trust model is simple: tenant-scoped reads, explicit approval before writes, and an audit trail for what happened.

Current posture
  • Access-gated app and membership-gated workspaces
  • External writes pause for founder approval
  • Active uploaded content blocked or forced to download
  • Webhook ingress signed and verified
Controls

The controls we can defend today.

Access and membership

Every request is identity-verified, then resolved to a workspace membership before any app, API, or chat request is routed.

Tenant-scoped state

Each workspace is fully isolated from every other. Uploaded artifacts are tenant-scoped and served only through authenticated endpoints.

Approval-gated writes

Every external mutation pauses in chat as an approval card and executes only after the founder approves the exact action.

Append-only audit trail

Reads, approval requests, grants, denials, connector calls, and outcomes land in the Operating Ledger — append-only, so entries can be added but never edited or deleted.

Encrypted connector credentials

Tenant connector secrets are encrypted at rest with AES-256-GCM and decrypted only to make the calls you approve. A dedicated credential broker is the next hardening step on the roadmap.

Export and deletion on demand

Owners can export the whole workspace as JSON anytime, and delete it: every connector is revoked immediately, then all data — operating history, files, memory, and credentials — is permanently erased after a 30-day grace window.

Agent authority

Read freely. Draft freely. Write only after approval.

Scheduled runs strip approval-required tools so the agent cannot queue an unattended write that waits forever or fires outside the founder’s review path.

Read

Orders, stock, tickets, campaigns, analytics, files, marketplace evidence, and recent operating history.

Draft

Replies, purchase orders, disputes, inventory changes, vendor follow-ups, runbooks, and brief recommendations.

Ask

External writes, config changes, canonical memory, and any action with business side effects.

Execute

Only after an inline approval card is granted by the founder in the app thread.

Connector scope

What connected systems are used for.

SystemReadsWrite posture
ShopifyOrders, products, customers, inventoryDraft orders and Admin mutations behind approval
Zoho InventoryItems, stock, contacts, purchase and sales docsPurchase orders, contacts, and sales docs behind approval
Zoho DeskTickets, contacts, departments, threadsTicket updates and replies behind approval
Amazon SP-APIOrders, inventory, listings, marketplace contextSeller actions behind approval
Google Ads / Meta AdsAccounts, campaigns, ad sets, metricsCampaign changes behind approval
Google AnalyticsProperties, reports, source and audience metricsRead-only in v1
GmailMessages, threads, labels, searchDrafts and label changes behind approval
RazorpayPayments, orders, refunds, settlements, disputesCapture, refund, and payment-link actions behind approval
No overclaiming

What is still in progress.

  • A dedicated credential broker is on the security roadmap as the next hardening step for how connector secrets are handled.
  • Our internal review-and-improvement data handling needs an explicit tenant policy before we claim full admin data isolation.
  • Workspace deletion erases your data and revokes connectors; the derived search index is isolated per workspace and dereferenced on deletion rather than individually scrubbed.
  • SOC 2 is not complete. Today we provide documented controls, audit logs, and a public remediation roadmap.
Talk through the stack

Bring the security questions early.

We can walk through data flow, connector scopes, approval evidence, and the current remediation roadmap before you connect production systems.