Built for store data founders do not hand out lightly.
Ops Room connects to systems that make money: commerce, inventory, support, ads, analytics, payments, email, files, and operating conversations. The trust model is simple: tenant-scoped reads, explicit approval before writes, and an audit trail for what happened.
- Access-gated app and membership-gated workspaces
- External writes pause for founder approval
- Active uploaded content blocked or forced to download
- Webhook ingress signed and verified
The controls we can defend today.
Access and membership
Every request is identity-verified, then resolved to a workspace membership before any app, API, or chat request is routed.
Tenant-scoped state
Each workspace is fully isolated from every other. Uploaded artifacts are tenant-scoped and served only through authenticated endpoints.
Approval-gated writes
Every external mutation pauses in chat as an approval card and executes only after the founder approves the exact action.
Append-only audit trail
Reads, approval requests, grants, denials, connector calls, and outcomes land in the Operating Ledger — append-only, so entries can be added but never edited or deleted.
Encrypted connector credentials
Tenant connector secrets are encrypted at rest with AES-256-GCM and decrypted only to make the calls you approve. A dedicated credential broker is the next hardening step on the roadmap.
Export and deletion on demand
Owners can export the whole workspace as JSON anytime, and delete it: every connector is revoked immediately, then all data — operating history, files, memory, and credentials — is permanently erased after a 30-day grace window.
Read freely. Draft freely. Write only after approval.
Scheduled runs strip approval-required tools so the agent cannot queue an unattended write that waits forever or fires outside the founder’s review path.
Orders, stock, tickets, campaigns, analytics, files, marketplace evidence, and recent operating history.
Replies, purchase orders, disputes, inventory changes, vendor follow-ups, runbooks, and brief recommendations.
External writes, config changes, canonical memory, and any action with business side effects.
Only after an inline approval card is granted by the founder in the app thread.
What connected systems are used for.
| System | Reads | Write posture |
|---|---|---|
| Shopify | Orders, products, customers, inventory | Draft orders and Admin mutations behind approval |
| Zoho Inventory | Items, stock, contacts, purchase and sales docs | Purchase orders, contacts, and sales docs behind approval |
| Zoho Desk | Tickets, contacts, departments, threads | Ticket updates and replies behind approval |
| Amazon SP-API | Orders, inventory, listings, marketplace context | Seller actions behind approval |
| Google Ads / Meta Ads | Accounts, campaigns, ad sets, metrics | Campaign changes behind approval |
| Google Analytics | Properties, reports, source and audience metrics | Read-only in v1 |
| Gmail | Messages, threads, labels, search | Drafts and label changes behind approval |
| Razorpay | Payments, orders, refunds, settlements, disputes | Capture, refund, and payment-link actions behind approval |
What is still in progress.
- A dedicated credential broker is on the security roadmap as the next hardening step for how connector secrets are handled.
- Our internal review-and-improvement data handling needs an explicit tenant policy before we claim full admin data isolation.
- Workspace deletion erases your data and revokes connectors; the derived search index is isolated per workspace and dereferenced on deletion rather than individually scrubbed.
- SOC 2 is not complete. Today we provide documented controls, audit logs, and a public remediation roadmap.
Bring the security questions early.
We can walk through data flow, connector scopes, approval evidence, and the current remediation roadmap before you connect production systems.