Built so your ops data — and your AI — stay in your control.
Scoped tokens. Role-based access. Full audit trails. AI write controls. Approval workflows. Simulation mode. The same guardrails that protect your team protect every agent you connect.
Scoped REST tokens
Agent API tokens carry fine-grained scopes — events:read, milestones:write, pins:read. Each token is signed, owner-attributed and revocable.
No shared passwords
Operators sign in with their own account. Agents and integrations use their own scoped tokens. No one logs in as anyone else.
Token rotation & revocation
Rotate or revoke tokens at any time from Settings → Agent API. Old tokens stop working immediately; the audit log preserves what they did.
SSO on custom plans
SAML and OIDC single sign-on for custom plans. Centralise account lifecycle in your identity provider.
Advanced RBAC
Workspace roles for owners, operators and view-only members. Custom roles are available on Operations and custom plans.
Audit logs
Every sensitive action is logged with actor, scope, change and timestamp — UI, AI and Agent API calls included.
Data export
Your data is yours. Export clients, events, crew, inventory and finance anytime in CSV.
AI write controls
The assistant runs read-only by default. An owner toggle in Settings turns on write — and turns it off the same way.
Approval workflows
Sensitive actions can require explicit human sign-off before the AI or an agent commits the change.
Simulation mode
Preview what a change would do before it happens. No mystery writes, no broken assumptions.
Data access boundaries
Row-level security at the database layer. Multi-tenant by design — your workspace is your boundary.
Enterprise support
SLA-backed support, dedicated success manager, and procurement-friendly terms on custom plans (MSA, DPA, security review).
How AI write access works in practice.
On Starter and Professional plans the assistant is strictly read-only. It can answer, summarise and surface gaps — but it cannot change a thing.
On Operations and custom plans the workspace owner can turn on write access from Settings. Once enabled, the assistant can update milestones, create events and change pin statuses — but only inside the requesting user's permissions, and only inside row-level security boundaries.
Every write is logged with the prompt, the change, the actor and a timestamp. You can review the audit log at any time, and revoke write access with the same toggle that enabled it.
Want a deeper security walkthrough?
Book 30 minutes with the team. We'll cover RBAC, audit logs and AI controls, and answer procurement and security review questions.