Account Security

Authentication Methods:

Users can register and log in using Google (OAuth) or a supported crypto wallet (e.g., Phantom, MetaMask).

Each method is securely sandboxed and verified through encrypted API handshakes.

Two-Factor Authentication (2FA):

Optional for Google accounts, mandatory for high-tier creators and enterprise teams.

A second layer of security via email, authenticator apps, or wallet signature requests.

Session Security:

• Auto-logout after 20 minutes of inactivity.

• Session tokens expire on device switch or location mismatch.

• Admins can remotely end team sessions or revoke tokens.

Data Storage, Backups & Recovery

Encrypted Storage:

All user data, including workspace configurations and agent histories, is encrypted using AES-256 encryption at rest, and TLS 1.3 in transit.

Backup Policy:

• Snapshots of user data taken every 12 hours.

• Backups are retained for 30 days in secure, redundant cloud regions.

• Backups are immutable and version-controlled.

• Disaster Recovery:

In the event of infrastructure failure, user environments can be restored within 6–12 hours. Users will be notified of incidents via status page.

Workspace Permissions:

• Admin: Full control over billing, agents, templates, and virtual office assets.

• Editor: Can create agents and manage tasks but cannot access billing.

• Viewer: Read-only access to agent dashboards and reports.

Agent-level Access:

Individual agents can be hidden, locked, or shared only with specific users in a workspace.

Audit Logs:

Admins can review activity history: login times, agent creation, credit usage, marketplace actions.