Security & Trust
An AI that edits your website only works if you trust it.
So we engineered trust into the product before anything else. You stay in control of every change, we touch the minimum we need, and you can pull the plug at any moment. Here is exactly how it works.
Human approval on everything
Our agents propose changes; they never publish on their own. Every edit appears in your dashboard with the data behind it, and nothing goes live until you click approve. On the Managed plan you can switch on autopilot, which approves proposals for you — entirely at your discretion.
Least-privilege access
We request read-only access to your Google Search Console performance data, and — only if you connect a CMS — the credentials needed to create the drafts you approve. We do not request, receive, or store access to customers, orders, payments, or any personal data your platform holds.
Revocable, no passwords
Connections are made through your platform’s own secure authorisation (OAuth) or a one-line snippet. We never ask for your password, and you can revoke our access in one click from your own platform settings at any time.
Encryption everywhere
All data is encrypted in transit (TLS) and at rest. Authorisation tokens are kept in an isolated server-only store that client sessions cannot read, and are never exposed to the browser.
UK / EU data residency
Your data is stored in the UK/EU region and we operate under UK GDPR. A Data Processing Agreement is available on request.
Full audit trail
Every change we make is logged with its before-and-after values and a timestamp, so anything we touch can be traced and reverted. Nothing we do is permanent or hidden.
What we can and cannot access
✓ We can edit
- Page & post content
- Titles & meta descriptions
- Structured data (schema)
- Internal links
- Headings & on-page copy
✕ We never access
- Customer records
- Orders & transactions
- Payment details
- Email lists & PII
- Admin users & passwords