Security architecture
Every message is locked at the source
The people who start a conversation control who enters it. Messages are immutable. Channel provenance is preserved. Every access decision and evidence append is auditable down to the node.
๐Conversation Access Control
- Each conversation starts with founding participants who hold invite authority.
- Founding participants can invite others, but invitees cannot recursively invite more people.
- Removing a participant revokes all access to conversation nodes instantly.
๐Message Integrity
- Original messages are locked at creation time and cannot be edited.
- Later context is appended as timestamped addenda โ notes, files, or corrections.
- Every addendum carries an integrity tag and author signature.
๐งChannel Security
- Workspace federation, email, SMS, and internal messages keep their original channel provenance.
- Email bridge uses TLS-encrypted IMAP/SMTP connections and stores immutable source identifiers.
- SMS integration routes through carrier-grade encrypted APIs and records delivery state per message.
๐ก๏ธData Protection
- All conversation data encrypted at rest using AES-256.
- Per-workspace encryption keys โ no cross-workspace data leakage.
- Automatic backup with configurable retention policies.
๐คAI Scoping
- AI agents join with scoped permissions and cannot widen human access.
- AI-generated nodes are clearly tagged โ no impersonation of human participants.
- Cross-conversation AI retrieval respects membership boundaries and channel scopes.
๐Audit & Compliance
- Full audit trail for every node creation, edit, and access event.
- Exportable conversation archives in standard formats.
- Configurable data retention to meet regulatory requirements.