How we protect your data
AutoBrief is built to keep incident data scoped to your workspace and protected with practical security controls.
Data Isolation
We use a multi-tenant model with tenant-scoped access controls so users can only access data in their own workspace.
At the database level, row-level security policies enforce tenant boundaries.
Encryption
We apply application-layer encryption to selected sensitive incident and output fields before they are stored, using industry-standard authenticated encryption (AES-256-GCM). We also enforce tenant-scoped access controls and row-level security to isolate workspace data.
Transport Security
All traffic to AutoBrief is served over HTTPS/TLS. This protects your incident data in transit between your browser and our servers.
AI Handling
When you generate outputs, we send only the incident content needed to produce the selected format. We don't use your workspace data to train models.
Secrets and Access
API keys and service credentials are stored as server-side environment variables. Sensitive keys are not exposed to client-side JavaScript.
Webhook Verification
Billing webhooks are validated with an HMAC signature check before processing. Invalid signatures are rejected.
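The checks described under Secrets and Access and Webhook Verification can be sketched as follows. This is an added example, not AutoBrief's code: the environment variable name, the hex-encoded HMAC-SHA256 scheme over the raw request body, and the sample event are all assumptions.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Hypothetical variable name; the page only says secrets live in server-side env vars.
SECRET_ENV = "BILLING_WEBHOOK_SECRET"


class InvalidSignature(Exception):
    """The webhook failed the HMAC check and must not be processed."""


def sign(secret: bytes, raw_body: bytes) -> str:
    """Assumed scheme: hex-encoded HMAC-SHA256 over the exact request bytes."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_and_parse(raw_body: bytes, signature_header: Optional[str],
                     secret: Optional[bytes] = None) -> dict:
    """Return the parsed event only if the signature matches; raise otherwise."""
    if secret is None:
        secret = os.environ.get(SECRET_ENV, "").encode()
    if not secret:
        # Fail closed: an empty key would still yield a "valid" HMAC.
        raise RuntimeError("webhook secret is not configured")
    if not isinstance(signature_header, str):
        raise InvalidSignature("signature header missing")
    expected = sign(secret, raw_body).encode()
    received = signature_header.strip().lower().encode("utf-8")
    # Constant-time comparison; bytes operands also accept non-ASCII input safely.
    if not hmac.compare_digest(expected, received):
        raise InvalidSignature("signature mismatch")
    # Parse only after verification, and only from the bytes that were signed.
    return json.loads(raw_body)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample values
    body = b'{"event":"invoice.paid","workspace":"ws_demo"}'
    print(verify_and_parse(body, sign(secret, body), secret))
    try:
        verify_and_parse(json.dumps(json.loads(body)).encode(), sign(secret, body), secret)
    except InvalidSignature as exc:
        print("rejected re-serialized body:", exc)
```

The re-serialized case shows why the check must run on the raw bytes received: parsing and re-encoding the JSON changes whitespace and invalidates an otherwise genuine signature.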