BOTOPS
Menu
Book a demo

Security

Tenant boundaries belong on the server.

Botops scopes reads and writes by agency and client, refreshes authorization state during sessions, and keeps private provider credentials out of public configuration.

Launch controls

01

Tenant isolation

Agency and client relationships are verified again at mutation and API boundaries.

02

Credential separation

Management keys are encrypted at rest; optional browser keys are stored separately.

03

Lifecycle enforcement

Inactive users lose session access, and temporary passwords require a change.

Demo safety

The public demo uses dedicated accounts and a demo tenant. Writes, provider calls, ingest, uploads, webhooks, and audit events are blocked server-side; the browser only simulates local feedback.

Questions

Frequently asked

Are app pages indexed?

No. Portal, login, and API surfaces carry noindex controls and are blocked in crawler rules.

Does the public bot config expose prompts?

No. It returns only the provider, widget mode, browser-safe key, agent ID, and safe appearance fields needed at runtime.

Security · Botops