Security & data

All queries are scoped by tenant_id at the repository layer. Cross-workspace reads are impossible from the API surface.

Credentials and OAuth tokens are encrypted at rest with envelope encryption. TLS 1.2+ everywhere in transit.

Inbound conversation data (calls, SMS, email) is run through a PII scrubber before it's persisted to traces. Toggle workspace-wide policy in /governance.

Email security@mitosis.aliune.com for vulnerability disclosures. We acknowledge within 1 business day.