Security and control

AI actions should be encrypted, explicit, permissioned and visible.

SIMCOAI is designed so customer and business workflows use authenticated access, high-level encryption controls, backend permission checks and reviewable records.

Authentication

Supabase Auth

Authenticated sessions protect dashboard.

Encryption

High-level encryption

SIMCOAI uses TLS in transit, encrypted secrets, provider-side encrypted storage and field-level encryption foundations for sensitive payloads.

Data access

Row-level security

Operational tables are scoped to authenticated users.

Application

Server-side enforcement

AI data access and update permissions are checked by backend logic.

API keys

Scoped secret keys

SIMCOAI API keys should be hashed, revocable, rate-limited and scoped to one business account.

Payments

Stripe controls

Checkout and subscription management use Stripe APIs and verified events.

Voice

Twilio verification

Production voice webhooks are verified before handling calls.

Operations

Logs and notifications

Conversations, calls, automation and notification delivery remain reviewable.

Automation guardrails

Separate permissions for separate risks.

A business can allow the AI to read orders without allowing updates, verify and mark refunds without moving payment, or collect bookings without automatic approval.

01

Read permissions

Control whether operational records may be included in AI context.

Explicit
02

Update permissions

Control whether AI may change order, refund or booking status.

Explicit
03

Approval permissions

Automatic approvals require configured rules and policy compliance.

Guarded
04

Payment execution

verified refund status marking is a separate, default-off permission.

Default off
Responsible deployment

Businesses remain responsible for configuring lawful, accurate workflows.

SIMCOAI provides controls and infrastructure. Customers must configure appropriate policies, notices, permissions, data handling and human oversight for their sector and use case.

Read GDPR informationSecurity enquiry
The SIMCOAI approach

Security is part of the workflow

01Least privilege

Give AI only the data and actions it needs.

02Verified events

Authenticate external calls and payment events.

03Auditability

Retain records of actions, outcomes and delivery.

Security questions

Talk to SIMCOAI about your requirements.

Contact usPrivacy notice