Security

Security boundaries that stay visible in the workflow.

GrowFlux protects tenant data, credentials, product facts, approvals, and publication actions through explicit access and execution boundaries. This page describes current product behavior; it does not claim certifications that have not been independently completed.

Tenant and account isolation

Users access active workspaces through session-based authentication. Data queries and mutations are scoped to the active tenant, while internal operator access uses separate controls. Brand facts, assets, social authorizations, and run evidence must not cross tenant boundaries.

Credentials and providers

Provider and connector credentials are tenant-scoped and are not displayed back as reusable plaintext. Managed AI calls and BYOK calls remain distinguishable. When a workflow uses an AI or media provider, the required inputs are sent to that selected provider under the applicable service relationship.

Review and publication

Content generation does not equal authorization to publish. Review state, destination selection, connector account, idempotency, and publication evidence remain explicit. Provider or connector failures are visible and are not silently converted into generic success.

Infrastructure and payments

GrowFlux uses Cloudflare services including Workers, D1, KV, and R2 for application execution, data, and assets. Transport is encrypted. Airwallex and PayPal process payment details; GrowFlux does not store raw card numbers.

Last updated: · Maintained by GrowFlux