Security & data architecture

Where your data lives — and exactly what touches it.

Command Center is built for regulated and sensitive work. Account isolation is enforced in the database, not the interface; your keys live in a server-side vault; and every AI action is governed by controls that are structural, not promises in a prompt. Here are the boundary, the controls, and the product that enforces them.

The data boundary

Your data, your provider, your agreement.

Command Center sits between the project you explicitly show it and the AI provider you choose. Content travels to your provider under your own key — it never passes through us, and we never resell compute.

Your data

The folder or database you explicitly show it — read access only, with browser permission. Optional BYO Database keeps operational data inside your own infrastructure.

You own it
explicit, scoped

Command Center

The governance layer: multi-tenant Postgres with RLS isolation, encrypted key vault, SHA-256 audit chain, security veto and pre-call spend gates. Decisions, not data, are its product.

Governs every call
your key

Your AI provider

Anthropic, OpenAI or Google — under your own API key and data agreement. Major API plans don't train on your data by default. Mixable per project and per agent.

No lock-in

BYOK · keys encrypted server-side, never in the browser · isolation enforced in the database, not the UI

Structural by design

Six controls, enforced in the database.

Governance isn't a markdown prompt nobody reads. Each of these is implemented where it can't be bypassed — in the data layer and the execution path.

RLS

Multi-tenant isolation

Every workspace is isolated with Postgres RLS on Supabase. One account can never read another's data — enforced by the database, audited by the CSEO agent.

Vault

BYOK key vault

Your API keys are encrypted in a server-side vault. They never touch the browser or frontend code, and you can rotate them anytime.

Live

SHA-256 audit chain

Every call and output is appended to cc_audit_log with a tamper-evident hash chain. "Which agent, which model, when?" is a query, not an investigation.

Veto

Security officer veto

The Chief Security & Ethics agent holds veto power over unsafe deploys — enforced in the database, backed by OWASP Top 10 and CIS Controls audits.

Pre-call

Spend gate

A budget_usd_month ceiling is checked before every call (ADR-014). Over budget, it stops — with a kill-switch. No runaway invoices.

Structural

Ask-before-execute

Irreversible actions require explicit human sign-off via a guardrail skill that cannot be uninstalled. Nothing high-stakes goes out unattended.
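What "tamper-evident hash chain" means for the audit chain control above, as an added example that is not Command Center's own code: each row's SHA-256 covers the previous row's hash, so an edited or deleted row breaks verification from that point on. The row fields, the all-zero genesis value and the externally stored head hash are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row

def entry_hash(prev_hash, record):
    # Canonical JSON: identical records always serialize to identical bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, record):
    prev = log[-1]["hash"] if log else GENESIS
    row = {"record": record, "prev_hash": prev, "hash": entry_hash(prev, record)}
    log.append(row)
    return row["hash"]

def verify(log, expected_head=None):  # -> (ok, index of first bad row or None)
    prev = GENESIS
    for i, row in enumerate(log):
        if row["prev_hash"] != prev or row["hash"] != entry_hash(prev, row["record"]):
            return False, i
        prev = row["hash"]
    # A truncated log is still a valid chain; only an external head hash exposes it.
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None

# Constructed sample rows (hypothetical fields, not the product's schema).
SAMPLE = [
    {"agent": "planner", "model": "model-a", "ts": "2025-01-01T10:00:00Z"},
    {"agent": "cseo", "model": "model-b", "ts": "2025-01-01T10:00:05Z"},
    {"agent": "builder", "model": "model-a", "ts": "2025-01-01T10:00:09Z"},
]

def demo():
    log = []
    for rec in SAMPLE:
        head = append(log, dict(rec))
    edited = [dict(r, record=dict(r["record"])) for r in log]
    edited[1]["record"]["model"] = "model-x"  # in-place edit of one row
    deleted = log[:1] + log[2:]               # middle row removed
    truncated = log[:2]                       # newest row removed
    return {
        "intact": verify(log, head),
        "edited": verify(edited, head),
        "deleted": verify(deleted, head),
        "truncated_no_head": verify(truncated),
        "truncated_with_head": verify(truncated, head),
    }
```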

From inside the platform

These controls are live — here's what they look like.

Real views from Command Center. Not mockups — the governance surface your team operates every day.

[Image: Chief Security & Ethics agent — veto power, OWASP & CIS audits, critical RLS tasks]

Chief Security & Ethics · CSEO
The security officer with veto power

Audits RLS, OWASP Top 10, IAM and AI ethics. Skills are SHA-verified; critical tasks (activate RLS, audit exposed anon keys) are tracked as CRIT until resolved.

[Image: BI Bridge — controlled, event-based connectors to external tools]

BI Bridge
Controlled data egress

Events (task.done, task.created) stream to the tools you register — webhook, Sheets, Power BI — nothing leaves unregistered.

[Image: Brain Map — interactive, auditable map of every block in a project]

Brain Map
An auditable map of the work

Every block carries its environment, dependencies and a content hash — change one and you see exactly what it affects before you act.

Security & data FAQ

The questions technical buyers ask.

Where does my data live, and what does Command Center access?
In a closed space owned by your account — multi-tenant Postgres with RLS isolation. The system only accesses what you explicitly show it; nothing is read behind your back.

Does my data train the AI? Who else sees it?
No. With BYOK your data relationship belongs to you and your provider — major API plans don't train on your data by default. Account isolation is enforced in the database, not just the interface.

What happens to my API keys?
Encrypted in a server-side vault. They never touch the browser or frontend code, and you can rotate them anytime.

How do you stop AI spend from running away?
Every call is accounted for at the real cost the provider reports, and a pre-call gate checks your monthly budget before spending. Go over and it stops on its own — kill-switch included.

What if the AI hallucinates or fakes a result?
Inviolable rule: never fake progress, never "done" without a real, findable result, and unknowns are marked [NOT DOCUMENTED]. The security agent holds a veto enforced in the database.

Can the AI do something irreversible?
No. Irreversible actions require explicit human confirmation via a guardrail that can't be uninstalled. What can't be undone gets confirmed.

What if the provider goes down mid-task?
The task does not change state and nothing is charged. No phantom success.

Does it meet regulated-industry requirements?
The design points there — full audit log, RLS isolation, a BYO Database option — but formal certifications (SOC 2, ISO 20022) are on the Enterprise roadmap. We don't promise tomorrow's things for today.

The day a regulator asks, you already have the answer.
