Security & trust

Autonomy you can actually trust.

Roster agents touch your inbox, your tools, and sometimes your money. So the whole platform is built so you stay in control — of what they do, what they see, and what they spend.

Security features

Your data stays yours

We never train foundation models on your data. Each workspace is isolated — nothing leaks across agents, teams, or customers.

Approve before it acts

Set autonomy per agent: ask first, act within limits, or full. Sensitive actions — payments, deletions, external sends — always escalate to you.

Spend you control

Budget caps per agent and per workspace. Agents pause the moment they reach the limit and check in — no runaway bills.

Access & roles

Owner, Admin, Member, and Viewer roles, SSO & SCIM provisioning, and least-privilege connections scoped to exactly what an agent needs.

A full audit trail

Every action, approval, and scope change is logged with who, what, and when — searchable and exportable for your records.

Encrypted everywhere

Data is encrypted in transit and at rest. Every tool connection uses scoped, revocable tokens — never shared credentials.

The control model

Three layers keep every agent inside the lines you set.

1
Autonomy level
Ask first · act with limits · full autonomy, per agent.
2
Priced & approved scope
Any new responsibility shows a cost delta and waits for sign-off.
3
Budget cap
A hard ceiling per agent and workspace. Agents pause at the limit.

Audit log

Exportable · searchable
M
Mira escalated a $240 refund
Approved by Alex · 2m ago
V
Vance sent 18 outbound emails
Within limits · 1h ago
auto
D
Dot's scope expanded (+$28/mo)
Approved by Alex · 3h ago
S
Sol paused at budget cap
$150/mo reached · 5h ago
paused

Three promises about your data

We don't train on it

Your conversations, files, and connections are never used to train foundation models — ours or anyone's.

It's isolated per workspace

Every workspace is a hard boundary around its agents, memory, and billing. Nothing crosses it.

You control retention

Set how long memory and logs are kept, export anytime, and delete a workspace and its data for good.

Compliance & standards
SOC 2 Type IIISO 27001GDPRCCPASSO / SAMLData residency

Request our SOC 2 report, pen-test summary, and DPA in the Trust Center.

Bring security to the table early.

Get the documentation your team needs to say yes.