Security architecture
Every message is locked at the source
The people who start a conversation control who enters it. Messages are immutable. Channel provenance is preserved. Every access decision and evidence append is auditable down to the node.
πConversation Access Control
- Each conversation starts with founding participants who hold invite authority.
- Founding participants can invite others, but invitees cannot recursively invite more people.
- Removing a participant revokes all access to conversation nodes instantly.
πMessage Integrity
- Original messages are locked at creation time and cannot be edited.
- Later context is appended as timestamped addenda β notes, files, or corrections.
- Every addendum carries an integrity tag and author signature.
π§Channel Security
- Workspace federation, email, SMS, and internal messages keep their original channel provenance.
- Email bridge uses TLS-encrypted IMAP/SMTP connections and stores immutable source identifiers.
- SMS integration routes through carrier-grade encrypted APIs and records delivery state per message.
π‘οΈData Protection
- All conversation data encrypted at rest using AES-256.
- Per-workspace encryption keys β no cross-workspace data leakage.
- Automatic backup with configurable retention policies.
π€AI Scoping
- AI agents join with scoped permissions and cannot widen human access.
- AI-generated nodes are clearly tagged β no impersonation of human participants.
- Cross-conversation AI retrieval respects membership boundaries and channel scopes.
πAudit & Compliance
- Full audit trail for every node creation, edit, and access event.
- Exportable conversation archives in standard formats.
- Configurable data retention to meet regulatory requirements.