Organization-scoped records
The platform is designed so customer-owned records are scoped to an organization and accessed through workspace roles and permissions.
Security overview
Security boundaries for the shared WhatsApp workspace.
This page summarizes current public security posture without claiming certifications, guarantees, or controls that still need owner/security review.
Current security posture
Workspace roles and support boundaries
Operational access should follow customer organization roles. Creator or support access to customer content should require an approved support workflow.
Encrypted linked-device credentials
Session credentials are designed to be encrypted at the application layer rather than exposed as plain operational data.
Line-scoped API tokens
Channel API tokens are scoped to a WhatsApp line. Store them as server-side secrets and rotate them when access changes.