Security & Trust
An AI that edits your website only works if you trust it.
So we engineered trust into the product before anything else. You stay in control of every change, we touch the minimum we need, and you can pull the plug at any moment. Here is exactly how it works.
Human approval on everything
Our agents propose changes; they never publish on their own. Every edit appears in your dashboard with the data behind it, and nothing goes live until you click approve. You can switch on auto-approval later, per change type, entirely at your discretion.
Least-privilege access
We request only the permissions needed to edit your site content — pages, posts, metadata and structured data. We do not request, receive, or store access to customers, orders, payments, or any personal data your platform holds.
Revocable, no passwords
Connections are made through your platform’s own secure authorisation (OAuth) or a one-line snippet. We never ask for your password, and you can revoke our access in one click from your own platform settings at any time.
Encryption everywhere
All data is encrypted in transit (TLS) and at rest. Authorisation tokens are encrypted before storage and never exposed to the browser.
UK / EU data residency
Your data is stored in the UK/EU region. We are registered with the UK Information Commissioner’s Office (ICO) and operate under UK GDPR. A Data Processing Agreement is available on request.
Full audit trail & rollback
Every change we make is logged with what changed and when, and can be reverted in a single click. Nothing we do is permanent or hidden.
What we can and cannot access
✓ We can edit
- Page & post content
- Titles & meta descriptions
- Structured data (schema)
- Internal links
- Headings & on-page copy
✕ We never access
- Customer records
- Orders & transactions
- Payment details
- Email lists & PII
- Admin users & passwords